Crypto investors under attack by new malware, reveals Cisco Talos

Anti-malware software provider Malwarebytes highlighted two new malicious computer programs, propagated by unknown sources, that are actively targeting crypto investors in a desktop environment.

Since December 2022, the two malicious files in question — MortalKombat ransomware and Laplas Clipper malware — have been actively scouting the internet and stealing cryptocurrencies from unwary investors, revealed the threat intelligence research team, Cisco Talos. The campaign’s victims are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey and the Philippines, as shown below.

Victimology of the malicious campaign. Source: Cisco Talos

The two malicious programs work in partnership to capture information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.

The attack relies on the user not noticing the substituted wallet address when sending funds, so the cryptocurrencies go to the unidentified attacker. With no obvious target, the attack spans individuals and small and large organizations.
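A defender's view of the clipboard swap described above, as an added example (not code from Talos, Malwarebytes or the original article): it flags a copied wallet address being replaced by a different address of the same type with no user copy in between. The address patterns are simplified, and the event format, the `source` field and all sample values are constructed assumptions.

```python
import re

# Simplified address shapes (assumption: illustrative, not full validation).
PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin": re.compile(r"^(bc1[0-9a-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
}

def address_kind(text):
    """Return the address family a clipboard string looks like, or None."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(events):
    """Flag a wallet address replaced by a different one of the same family
    with no user copy in between. events: (timestamp, source, text) tuples,
    where source is "user" for an observed copy and "unknown" otherwise."""
    alerts, last = [], None  # last = (kind, text) of the user's latest copied address
    for ts, source, text in events:
        kind, value = address_kind(text), text.strip()
        if source == "user":
            last = (kind, value) if kind else None
        elif last and kind == last[0] and value != last[1]:
            alerts.append({"time": ts, "kind": kind, "copied": last[1], "now": value})
    return alerts

def paste_matches(intended, pasted):
    """Compare the whole address before sending, not just the first characters."""
    return address_kind(intended) is not None and intended.strip() == pasted.strip()

# Constructed sample values: placeholder strings, not real wallets.
USER_ETH = "0x" + "a" * 40
OTHER_ETH = "0x" + "b" * 40
USER_BTC = "1" + "A" * 30
SAMPLE_EVENTS = [
    (0, "user", "meeting notes"),
    (5, "user", USER_ETH),
    (6, "unknown", OTHER_ETH),   # address changed with no user copy: alert
    (20, "user", "plain text"),
    (21, "unknown", OTHER_ETH),  # no address was copied before: ignored
    (30, "user", USER_BTC),
    (31, "unknown", USER_BTC),   # same value re-set: ignored
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```
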

Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos

Once infected, the MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos’ report stated:

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”

As explained by Malwarebytes, the “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment. The attachment runs a BAT file that helps download and execute the ransomware when opened.

Thanks to the early detection of this high-potential malicious software, investors can proactively prevent the attack from impacting their financial well-being. As always, Enic Magazine advises investors to perform extensive due diligence before investing and to verify that communications come from an official source. Check out this Enic Magazine article to learn how to keep crypto assets safe.

On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.

Total value extorted by ransomware attackers between 2017 and 2022. Source: Chainalysis

While revealing the information, Chainalysis noted that the figures don’t necessarily mean the number of attacks is down from the previous year.
