KEY POINTS

  • Two new cybersecurity threats are preying on unsuspecting crypto investors
  • They are the MortalKombat ransomware and the GO variant of the Laplas Clipper malware
  • Security researchers have been observing these campaigns since December 2022

Malicious actors are reportedly using two new pieces of malware of unknown origin to read users' clipboards and target unsuspecting cryptocurrency investors in an attempt to siphon off their funds.

In a recent report, the threat intelligence research team Cisco Talos revealed that these new cybersecurity threats, the MortalKombat ransomware and the GO variant of the Laplas Clipper malware, are being deployed on the Internet to steal cryptocurrency from victims.

According to the report, the two pieces of malware work in tandem. The clipper gathers the contents of the user's clipboard, which usually consist of text the user has copied, detects any cryptocurrency wallet address in it and silently replaces that address with one the malicious actors own.

The attack depends primarily on crypto investors failing to double-check the wallet address they are about to send funds to. Since the malware has no specific target, malicious actors deploy it against individuals as well as small and large organizations, the report said.
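The double-check the report recommends can be automated on the sending side. The following is an added example, not code from the Talos report or from either malware family: it recognises common wallet-address formats and compares the address the user originally copied with the one about to be submitted, flagging the same-family substitution a clipper produces. The address formats and sample addresses are constructed for illustration and are not real wallets.

```python
import re

# Constructed recognisers for common wallet-address formats (example code, not
# from the Talos report). A clipper picks its replacement from the same family
# as the address it overwrites, so the swap looks plausible to the victim.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[02-9ac-hj-np-z]{11,71}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}

# Constructed sample addresses; they match the formats but are not real wallets.
SAMPLE_ETH_COPIED = "0x" + "ab" * 20
SAMPLE_ETH_SWAPPED = "0x" + "cd" * 20
SAMPLE_BTC_LEGACY = "1AbcDefGhiJkLmNopQrStUvWxYz23456789"
SAMPLE_BTC_BECH32 = "bc1q" + "wx" * 19


def address_family(text):
    """Return the address family a single token belongs to, or None."""
    token = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(token):
            return family
    return None


def find_addresses(text):
    """List every (family, address) token found in free-form clipboard text."""
    found = []
    for family, pattern in ADDRESS_PATTERNS.items():
        found.extend((family, m.group(0)) for m in pattern.finditer(text))
    return found


def check_pasted_address(copied, pasted):
    """Compare what the user copied with what is about to be submitted.

    'ok'          the two are identical
    'swapped'     both are addresses of the same family but differ: the
                  substitution pattern a clipper produces
    'changed'     the pasted value is not an address of the same family
    'not_address' the copied value was not a wallet address at all
    """
    if copied.strip() == pasted.strip():
        return "ok"
    copied_family = address_family(copied)
    if copied_family is None:
        return "not_address"
    if address_family(pasted) == copied_family:
        return "swapped"
    return "changed"
```

A format check alone is not enough: the attacker's address is a valid address of the same type, so only comparing against the value taken from the trusted source (an invoice, the exchange's page, a hardware wallet display) catches the swap.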

As for MortalKombat, the ransomware component, security researchers said that once it infects a computer it immediately encrypts the user's files and leaves a ransom note with details and payment instructions.

The infection campaign starts with a phishing email and escalates into a multi-stage attack chain in which the actors deliver either the clipper malware or the ransomware.

Security researchers also found that the actors behind this campaign are careful to delete evidence of the malicious files and to cover their tracks, which makes it harder for analysts to examine the malware or determine its origin.

Cisco Talos has been observing these campaigns since December 2022 and has found victims spread across the globe, with most of them located in the United States and a small percentage of victims in the United Kingdom, Turkey and the Philippines.

"Users and organizations [should] be meticulous about the recipient's wallet address while performing cryptocurrency transactions," Talos said in a blog post.

"Talos encourages updating computers with the latest security updates, implementing robust endpoint protection solutions with behavioral detection capabilities, and maintaining tested, offline backup solutions for endpoints with a reasonable restoration time in the event of a ransomware attack," it added.

Representative image Credit: Pixabay