The two malicious files — MortalKombat ransomware and Laplas Clipper malware — have been actively scouting the internet and stealing cryptocurrencies from unwary investors since December 2022.
Malware protection software Malwarebytes has identified two new malicious computer programs spread by unknown sources actively targeting cryptocurrency investors in a desktop environment.
The two malicious files in question — MortalKombat ransomware and Laplas Clipper malware — have been actively scouting the internet and stealing cryptocurrencies from unwary investors since December 2022, according to Cisco Talos’ threat intelligence research team. The campaign’s victims are mainly from the United States, with a smaller proportion from the United Kingdom, Turkey, and the Philippines.
The two programs work together to steal data from the user’s clipboard, which is typically some string of letters and numbers copied by the user. The infection then detects wallet addresses copied to the clipboard and replaces them with a different address.
The attack takes advantage of the user’s inattention to the wallet address in the transaction, so the cryptocurrency is sent to an unidentified attacker. The attack has no obvious target and affects individuals as well as small and large organizations.
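One way to detect the address swap described above, as an added example that is not code from Talos, Malwarebytes or the malware itself. The copy/read event model and all names are assumptions, and the sample addresses are constructed strings.

```python
import re

# Format-only patterns for common address shapes (no checksum validation).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def wallet_kind(text):
    """Return the address family a clipboard string looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def find_swaps(events):
    """Flag reads where a copied wallet address was replaced by another one.
    events: (seconds, source, text) tuples (hypothetical model); source is
    "copy" when the user copied the text, "read" when a monitor sampled it."""
    alerts, copied = [], None  # copied = last value the user put on the clipboard
    for seconds, source, text in events:
        if source == "copy":
            copied = text.strip()
            continue
        current = text.strip()
        if copied is None or current == copied:
            continue
        # Address replaced by a different address with no user copy in between.
        if wallet_kind(copied) and wallet_kind(current):
            alerts.append((seconds, copied, current))
            copied = current  # report each replacement once
    return alerts

# Constructed sample events; the addresses are made-up strings, not real wallets.
USER_ADDR = "0x" + "ab12" * 10
OTHER_ADDR = "0x" + "cd34" * 10
SAMPLE_EVENTS = [
    (0, "copy", "meeting notes"),
    (5, "read", "meeting notes"),
    (9, "copy", USER_ADDR),
    (10, "read", OTHER_ADDR),  # changed without a user copy
    (11, "read", OTHER_ADDR),
]

if __name__ == "__main__":
    for seconds, expected, found in find_swaps(SAMPLE_EVENTS):
        print(f"t={seconds}s clipboard address replaced: {expected} -> {found}")
```

The same comparison works as a paste-time check: keep the value recorded at copy time and refuse to submit a transaction when the pasted address differs from it.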
When infected, MortalKombat ransomware encrypts the user’s files and leaves a ransom note with payment instructions, as shown above. Talos’ report revealed the download links (URLs) associated with the attack campaign, stating:
“One of them connects to an attacker-controlled server in Poland via IP address 193[.]169[.]255[.]78 to download the MortalKombat ransomware. Talos’ analysis shows that 193[.]169[.]255[.]78 is running an RDP crawler that is searching the internet for exposed RDP port 3389.”
The “tag-team campaign,” described by Malwarebytes, begins with a cryptocurrency-themed e-mail containing a malicious attachment. When opened, the attachment executes a BAT file that aids in the download and execution of the ransomware. Early detection of this high-potential malicious software lets investors proactively prevent the attack from affecting their financial well-being.
On the other hand, as ransomware victims continue to refuse extortion demands, attackers’ ransomware revenues fell 40% to $456.8 million in 2022. While revealing the data, Chainalysis cautioned that the figures do not necessarily imply that the number of attacks has decreased from the previous year.