Since December 2022, cryptojacking activity has increased due to new malware — MortalKombat and Laplas Clipper.
Research company Cisco Talos identified two new types of malware, MortalKombat ransomware and Laplas Clipper malware, which have been actively used to steal cryptocurrencies since late 2022.
Infection occurs via email. Victims receive a message about crypto investments or other crypto-related content that contains a malicious attachment. Targets are mostly users of various exposed remote protocols.
Laplas Clipper malware is used to gain access to a user’s clipboard. If a string consisting of letters and digits (i.e., a wallet address) appears in the clipboard, the program will replace it with another one after pasting. Thus, attackers can obtain digital assets that users transfer to the address copied to the clipboard.
Using MortalKombat ransomware, fraudsters gain access to the files on a user’s computer and encrypt them, then send a ransom demand email. Victims of this type of scam are most often computers connected to corporate servers, which gives attackers access to various company documents.
Cisco Talos analysts reported that MortalKombat and Laplas Clipper victims most often come from the United States, the United Kingdom, Turkey, and the Philippines.
The team at Malwarebytes, an antivirus software company, explained how to protect against this attack. There are a few simple rules to follow:
- Protect your Internet connection. It’s important to disable or tighten control over remote access programs such as RDP and VPN.
- Eliminate access to all company files through a single computer by using network segmentation and access passwords. This will make it more difficult for intruders to work within the organization’s network if they gain access to it.
- Use antivirus software to identify and locate malware. For example, Malwarebytes detects MortalKombat as malware and Laplas Clipper as a Trojan.
- Make backup copies of documents regularly. Store them outside the corporate space and offline.
- Always check that the address pasted from the clipboard is correct.
The use of ransomware and malware became one of the most popular methods of crypto scams in 2022. And this is despite the fact that at the beginning of the year, when BTC’s price went down, the number of such attacks decreased significantly.