Home Security Financially Motivated Menace Actor Strikes with New Ransomware and Clipper Malware

Financially Motivated Menace Actor Strikes with New Ransomware and Clipper Malware

by crpt os


Feb 15, 2023Ravie LakshmananCryptocurrency / Ransomware

A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas.

Cisco Talos said it “observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389.”

The attacks, per the cybersecurity company, primarily focuses on individuals, small businesses, and large organizations located in the U.S., and to a lesser extent in the U.K., Turkey, and the Philippines.

The starting point that kicks off the multi-stage attack chain is a phishing email bearing a malicious ZIP file that’s used as a pathway to deliver either the clipper or the ransomware.

In addition to using cryptocurrency-themed email lures impersonating CoinPayments, the threat actor is also known to erase infection markers in an attempt to cover its tracks.

MortalKombat, first detected in January 2023, is capable of encrypting system, application, backup, and virtual machine files in the compromised system. It further corrupts Windows Explorer, disables the Run command window, and removes applications and folders from Windows startup.

Ransomware and Clipper Malware

A source code analysis of the ransomware reveals that it’s part of the Xorist family of ransomware, Cisco Talos researcher Chetan Raghuprasad said.

The Laplas clipper is a Golang variant of malware that came to light in November 2022. It’s designed to monitor the clipboard for any cryptocurrency wallet address and substitute it with an actor-controlled wallet to carry out fraudulent transactions.

“The clipper reads the victim machine’s clipboard contents and executes a function to perform regular expression pattern matching to detect the cryptocurrency wallet address,” Raghuprasad explained.

“When a cryptocurrency wallet address is identified, the clipper sends the wallet address back to the clipper bot. In response, the clipper receives an attacker-controlled wallet address similar to the victim’s and overwrites the original cryptocurrency wallet address in the clipboard.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex