Cisco Talos Warns Of New Malware Attacks On Crypto Investors
In cryptocurrency, investors are always looking for potential threats that could put their investments at risk. Unfortunately, two new malware threats have recently emerged: Laplas Clipper malware and MortalKombat ransomware.
According to Cisco Talos (a cyber threat intelligence firm), these two malicious files have been actively scouting the Internet since December of 2022, intending to steal cryptocurrencies from unsuspecting investors.
Malwarebytes Discovers Two New Malicious Programs Targeting Cryptocurrency Investors
Since December 2022, Malwarebytes has detected two new malicious computer programs originating from unidentified sources, actively aiming to steal cryptocurrencies from investors using desktop systems. The Cisco Talos threat intelligence research team has exposed that these two malware-incorporated files (Laplas Clipper malware and MortalKombat ransomware) have been actively searching the web.
Most victims are from the United States, with smaller numbers from the UK, the Philippines, and Turkey. The malicious software functions in tandem to access data saved in a user’s clipboard, usually a sequence of letters and numbers copied by the individual.
The malware detects any wallet addresses copied to the clipboard and changes them to a different address. The user’s lack of attention to the cryptocurrency destination address enables the attack, and an unidentified attacker could receive the funds.
This attack can harm both small and large organizations, as well as individual users. Once it has infiltrated the system, the MortalKombat ransomware locks up the user’s documents.
Often, it leaves a ransom note providing payment directions. The Talos’ report identified the URLs linked to the attack campaign and highlighted that one is connected to a server managed by the attacker.
Their analysis revealed that the IP address was running a Remote Desktop Protocol crawler scanning for open Remote Desktop Protocol port 3389, from which the MortalKombat ransomware would be downloadable.
As outlined by Malwarebytes, a “tag-team” assault begins with an email containing a malicious attachment to a cryptocurrency-related theme. The attachment is a BAT file which, if opened, will assist in downloading and performing the ransomware.
Victims Of Ransom Demands More Unwilling To Meet Requests – Chainalysis
Despite a surge in the number of different ransomware varieties in circulation, income went down, says Fortinet, a cybersecurity company. However, Chainalysis, a blockchain intelligence firm, provided data in a report published last month that revealed that the number of cyberattacks had stayed the same compared to the previous year.
The firm explained that organizations have become more vigilant with their security precautions, and victims of ransom demands have become more unwilling to meet the assailants’ requests. Furthermore, Chainalysis stated that the immutability of blockchain technology makes it more difficult for assailants to succeed in their attempts, as investigators can quickly recognize such efforts:
“Investigators can quickly detect these reallocations once executed, thanks to the transparency of the blockchain.” Interestingly, ransomware attackers’ utilization of centralized cryptocurrency exchanges to relocate the funds rose to 48.3% in 2022 compared to 39.3% in 2021.
Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.
