Cisco Talos Warns Of New Malware Attacks On Crypto Investors

Cryptocurrency investors are always on the lookout for threats that could put their investments at risk. Unfortunately, two new malware threats have recently emerged: Laplas Clipper malware and MortalKombat ransomware.
According to Cisco Talos (a cyber threat intelligence firm), these two malicious programs have been actively scouring the Internet since December 2022, aiming to steal cryptocurrencies from unsuspecting investors.
Malwarebytes Discovers Two New Malicious Programs Targeting Cryptocurrency Investors
Since December 2022, Malwarebytes has detected two new malicious computer programs originating from unidentified sources, actively aiming to steal cryptocurrencies from investors using desktop systems. The Cisco Talos threat intelligence research team has reported that these two malware files (Laplas Clipper malware and MortalKombat ransomware) have been actively searching the web.
Most victims are from the United States, with smaller numbers from the UK, the Philippines, and Turkey. The two programs work in tandem to access data saved in a user’s clipboard, usually a sequence of letters and numbers copied by the individual.
The malware detects any wallet address copied to the clipboard and replaces it with a different address. The attack depends on the user not checking the cryptocurrency destination address, in which case an unidentified attacker could receive the funds.
This attack can harm both small and large organizations, as well as individual users. Once it has infiltrated the system, the MortalKombat ransomware locks up the user’s documents.
Often, it leaves a ransom note providing payment directions. The Talos report identified the URLs linked to the attack campaign and highlighted that one is connected to a server managed by the attacker.
Their analysis revealed that the IP address was running a Remote Desktop Protocol crawler scanning for open Remote Desktop Protocol port 3389, from which the MortalKombat ransomware would be downloadable.
As outlined by Malwarebytes, a “tag-team” assault begins with an email containing a malicious attachment with a cryptocurrency-related theme. The attachment is a BAT file which, if opened, will assist in downloading and executing the ransomware.
Victims Of Ransom Demands More Unwilling To Meet Requests – Chainalysis
Despite a surge in the number of different ransomware varieties in circulation, income went down, says Fortinet, a cybersecurity company. However, Chainalysis, a blockchain intelligence firm, provided data in a report published last month that revealed that the number of cyberattacks had stayed the same compared to the previous year.
The firm explained that organizations have become more vigilant with their security precautions, and victims of ransom demands have become more unwilling to meet the assailants’ requests. Furthermore, Chainalysis stated that the immutability of blockchain technology makes it more difficult for assailants to succeed in their attempts, as investigators can quickly recognize such efforts:
“Investigators can quickly detect these reallocations once executed, thanks to the transparency of the blockchain.” Interestingly, ransomware attackers’ utilization of centralized cryptocurrency exchanges to relocate the funds rose to 48.3% in 2022 compared to 39.3% in 2021.