A New Malware Threat in the Crypto World

A New Malware Threat in the Crypto World

Cybercriminals are utilizing two new malware threats to target crypto investors and steal their funds. Malwarebytes, an anti-malware software provider, recently published a report detailing the implementation of MortalKombat ransomware and Laplas Clipper GO variant in malicious campaigns that scout for unsuspecting victims on the web. Crypto holders must stay vigilant against these cyber attacks to protect their assets from being stolen by hackers.

New Malware Attacks Target Users Mostly in the United States

According to Cisco Talos, a company specializing in threat intelligence research, most victims of this recent phishing attack are based in the United States. However, cases have also been reported from the UK, Turkey, and the Philippines. The criminals’ behavior indicates they are actively searching for targets with an exposed RDP port 3389 that provides internet users access to graphical interfaces over different network connections.

A targeted campaign starts with a malicious phishing email containing a ZIP file containing an insidious BAT loader script. When opened, the victims’ devices will be inflated, and this script triggers another ZIP download- which holds either Laplas Clipper malware or MortalKombat ransomware. Inevitably, evidence of these malicious files is deleted to challenge any analysis efforts; as such, making it difficult for anyone attempting to track down the source.

A New Malware Threat in the Crypto World

According to the report, once the dropped payload is activated by a malware loader script on the victim’s machine, it will then delete all evidence of infection. Talos further observed that criminals employ phishing emails impersonating CoinPayments – a genuine worldwide crypto payment gateway – as their dominant attack vector. To bolster this deception and make these emails appear even more legitimate, they feature an imitation sender address “noreply[at]CoinPayments[.]net” and subject lines such as “[CoinPayments[.]net] Payment Timed Out.”

In this case, the attacker uses a fake transaction ID as the filename of an attached ZIP file to trick unsuspecting victims into opening it. However, hiding inside is a malware BAT loader that can initiate further malicious activities on the victim’s computer system.

On the other hand, Attack Revenues Decreased by 40%

Despite the increasing numbers of ransomware and cybersecurity threats, victims have been more resilient in their refusal to pay attackers’ demands. Chainalysis recently reported a 40% decline year-over-year in ransom revenues that cybercriminals could collect from their targets. North Korean hacking groups are primarily responsible for these illicit activities, as South Korea and US intelligence agencies just alerted that Pyongyang hackers attempt to target “major international institutions” with ransomware attacks.

In December 2022, Kaspersky exposed a new phishing approach by BlueNoroff―a subordinate of the infamous North Korean state-sponsored hacking group Lazarus. This subgroup infiltrated crypto startups to impersonate venture capitalists with the motive to invest in them.


You might check: Why Shytoshi Kusama Restricted Shiba is Telegram Channel