{"id":553531,"date":"2023-02-18T13:30:00","date_gmt":"2023-02-18T10:30:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/crypto-investors-under-attack-by-two-new-malware-reveals-cisco-talos\/"},"modified":"2023-02-18T13:30:00","modified_gmt":"2023-02-18T10:30:00","slug":"crypto-investors-under-attack-by-two-new-malware-reveals-cisco-talos","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/crypto-investors-under-attack-by-two-new-malware-reveals-cisco-talos\/","title":{"rendered":"# Crypto investors under attack by two new malware, reveals Cisco Talos"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Crypto_investors_under_attack_by_two_new_malware_reveals_Cisco_Talos_%E2%80%9C\"><\/span>Crypto investors under attack by two new malware, reveals Cisco Talos<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-48054ca8>Anti-malware software maker Malwarebytes highlighted two new malicious programs, propagated by unknown sources, that are actively targeting crypto investors in a desktop environment.<\/p>\n<p>Since December 2022, the two malicious files in question \u2014 MortalKombat ransomware and Laplas Clipper malware \u2014 have been actively scouting the Internet to steal cryptocurrencies from unwary investors, the threat intelligence research team Cisco Talos revealed. The victims of this campaign are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines, as shown below.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/24721aad-aa77-454b-a972-d30c59e82b03.jpg\" alt=\"\" title=\"\"><figcaption style=\"text-align: center;\"><em>Victimology of the malicious campaign. Source: Cisco Talos<\/em><\/figcaption><\/figure>\n<p>The two programs work in partnership to capture information stored in the user\u2019s clipboard, which is usually a string of letters and numbers copied by the user. 
The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.<\/p>\n<p>The attack relies on the user\u2019s inattentiveness to the wallet address being pasted, which would send the cryptocurrencies to the unidentified attacker. With no obvious target, the attack spans individuals and small and large organizations.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/ed380fc6-407f-424e-a87a-2deca1623ba5.png\"><figcaption style=\"text-align: center;\"><em>Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos<\/em><\/figcaption><\/figure>\n<p>Once a machine is infected, the MortalKombat ransomware encrypts the user\u2019s files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos\u2019 report <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.talosintelligence.com\/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats\/\">stated<\/a>:<\/p>\n<blockquote><p>\u201cOne of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos\u2019 analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.\u201d<\/p><\/blockquote>\n<p>As <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/mortal-kombat-ransomware-forms-tag-team-partnership-with-laplas-clipper\">explained<\/a> by Malwarebytes, the \u201ctag-team campaign\u201d starts with a cryptocurrency-themed email containing a malicious attachment. 
The attachment runs a BAT file that helps download and execute the ransomware when opened.<\/p>\n<p>Thanks to the early detection of malicious software with high potential, investors can proactively prevent this attack from impacting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before making investments while ensuring the official source of communications. Check out this Cointelegraph Magazine article to learn\u00a0how to keep crypto assets safe.<\/p>\n<p>On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/291e3a57-30aa-4e75-9d4a-22421815a304.jpg\"><figcaption style=\"text-align: center;\"><em>Total value extorted by ransomware attackers between 2017 and 2022. Source: <\/em><em>Chainalysis<\/em><\/figcaption><\/figure>\n<p>While revealing the information, Chainalysis noted that the figures don\u2019t necessarily mean the number of attacks is down from the previous year.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/crypto-investors-under-attack-by-two-new-malware-reveals-cisco-talos\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Crypto investors under attack by two new malware, reveals Cisco Talos &#8220; Anti-malware software Malwarebytes highlighted two new forms of malicious computer programs propagated by unknown sources that are actively targeting crypto investors in a desktop environment.\u00a0 Since December 2022, the two malicious files in question \u2014 MortalKombat ransomware and Laplas Clipper malware 
threats&#8230;<\/p>\n","protected":false},"author":1,"featured_media":553532,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/239f2ca0-d5d9-421d-b56e-02a56e72465a.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74863,122547,75857,74355,117,62074,73240],"class_list":["post-553531","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cryptocurrencies","tag-exp-attack","tag-malware","tag-adoption","tag-business","tag-ransom","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/553531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=553531"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/553531\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/553532"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=553531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=553531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=553531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}