MortalCombutt Ransomware And Laplas Clipper Malware Menyuruh Investor Kripto

Malwarebytes, anti-mallware software. (photo: twitter @Malwarebytes)

JAKARTA - Malwarebytes, an anti-mallware software, highlighted two malicious computer programs that spread from unknown sources and actively targeted crypto investors in the desktop environment.

Since December 2022, two malicious files - MortalCombut ransomware and Laplas Clipper malware - have been actively searching the internet and stealing cryptocurrence from suspicious investors, as revealed by threat intelligence research team Cisco Talos.

The victims of this campaign were mainly in the United States, with smaller percentage of victims in the UK, Turkey, and the Philippines. This malicious software works together to retrieve information stored on the user's billboard, which is usually a series of letters and numbers copied by the user. Infection then detects the wallet address copied to the cropboard and replaces it with a different address.

This attack relies on the user's ignorance of the sender's wallet address, which will send cryptocurrence to unknown attackers. Without a clear target, this attack extends to small and large individuals and organizations.

After being infected, MortalCombut ransomware will encrypt user files and leave a ransom note with payment instructions. Through the Talos report, the download link (URL) related to the attack campaign is shown:

One of them reached a server controlled by the attacker via the address IP 193[.]169[.255[.]78, based in Poland, to download the MortalCombut ransomware. According to Talos analysis, 193[.169[.255[.]78 runs the RDP crane, scanning the internet to search for an open RDP port of 3389."

As Malwarebytes explains, the "tag-team" campaign begins with cryptocurrency-themed emails containing malicious attachments. The appendix runs BAT files that help download and execute ransomware when opened.

Thanks to potentially high early detection of malicious software, investors can proactively prevent this attack from affecting their financial well-being. Cointelegraph advises investors to carry out extensive due diligence before investing, while ensuring official sources of communication.

On the other hand, as ransomware victims continued to reject ransom demands, ransomware revenue for attackers fell 40% to USD 456.8 million (IDR 6.9 trillion) in 2022.