Malwarebytes, the anti-malware software, has drawn attention to 2 new malicious computer programs that are distributed by unknown sources and specifically target crypto investors in a desktop environment.
Two malicious files
It concerns 2 malicious files under the names ‘MortalKombat ransomware’ and ‘Laplas Clipper malware’. This malware actively seeks out the cryptocurrency of unwary investors and then steals it from them. The malware has reportedly been active since December of 2022.
The victims of the campaign are mainly in the United States (US), with a smaller percentage of victims in the United Kingdom (UK), Turkey and the Philippines.
The two programs reportedly work together to collect information stored in the user’s clipboard. This is often a sequence of letters and numbers copied by the user. The malware then detects crypto addresses copied to the clipboard and replaces them with another address.
This attack relies on the fact that users often do not check whether the wallet address is correct. As a result, the user sends cryptocurrency to an unknown attacker. The attack has no clear target and therefore hits individuals as well as small and large organizations.
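The check a user or wallet front end can make before sending, as an added example that is not from Malwarebytes or Cisco Talos: it compares the pasted address in full against one obtained from a trusted source and shows that a replaced address still passes format validation. It assumes legacy Base58Check Bitcoin addresses only; the function names and the two sample addresses (well-known public examples used as constructed input) are illustrative.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed sample input: two well-known public example addresses.
TRUSTED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # address the user meant to pay
SWAPPED = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"  # stand-in for a replaced address


def base58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes with a correct Base58Check checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def check_before_send(trusted: str, pasted: str) -> str:
    """Classify a pasted address against the trusted one.

    'ok'          - identical to the trusted address
    'substituted' - a different but well-formed address (what a clipper leaves)
    'invalid'     - typo, truncation, or a format this example does not parse
    """
    trusted, pasted = trusted.strip(), pasted.strip()
    if pasted == trusted:
        return "ok"
    if base58check_valid(pasted):
        # The checksum only catches typos; a swapped address is fully valid,
        # so the full-string comparison above is the only effective control.
        return "substituted"
    return "invalid"


if __name__ == "__main__":
    for pasted in (TRUSTED, SWAPPED, TRUSTED[:-1] + "b"):
        print(pasted, "->", check_before_send(TRUSTED, pasted))
```

The trusted value has to come from outside the clipboard path, for example an address book entry or a value read from a second device.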
Victim’s files are encrypted
Once a computer is infected, the user’s files are encrypted by MortalKombat ransomware. A ransom note with payment instructions is then displayed. A Cisco Talos report revealed the download links (URLs) associated with the attack campaign:
One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos analysis, 193[.]169[.]255[.]78 is running an RDP crawler that scans the Internet for exposed RDP port 3389.
This is a relatively early detection of malicious software with high potential. It allows investors to proactively avoid being hit by this attack, which in turn is a win.
Finally, it is worth noting that although the number of crypto-related malware attacks seems to be on the rise, many victims choose not to pay the extortion requests. As a result, revenue from ransomware attacks fell by about 40% in the past year.