Financially Inclined Hackers Using Innovative Ransomware and Clipper Malware
In a string of new financially motivated cyberattacks that began at the end of 2022, hackers are using an innovative ransomware strain known as MortalKombat and a clipper malware called Laplas. Typically, clipper malware downloads other malicious programs that allow the hacker to access and control the infected device from a remote location.
The cybersecurity firm Cisco Talos "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389." According to the firm's research, the attacks target individuals, small businesses, and even large companies throughout the United States, along with entities in the United Kingdom, Turkey, and the Philippines.
This multi-stage campaign begins with a phishing email containing a malicious ZIP file, which serves as the pathway for delivering the ransomware or clipper malware to the device. The email subject lines lure victims by impersonating major cryptocurrency companies.
MortalKombat ransomware was first discovered in January 2023 and is capable of fully encrypting systems, applications, backups, and even virtual machine files. The clipper malware, Laplas, is Golang-based malware that emerged in November 2022. This type of malware is designed to watch the clipboard for any crypto wallet address and replace it with a hacker-controlled wallet to complete fraudulent transactions.
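A defender-side illustration of the clipboard replacement described above, added here and not taken from Cisco Talos or from the malware itself: the Python below scans a constructed sequence of clipboard snapshots and flags a wallet address that is replaced by a different address of the same format within a short window. The address patterns, the `Snapshot` type, the `find_swaps` function and the 2-second window are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Common wallet address shapes (format check only, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

class Snapshot(NamedTuple):
    ts: float   # seconds since monitoring started
    text: str   # clipboard contents at that moment

def address_kind(text):
    """Return the address format the text matches, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(snapshots, window=2.0):
    """Flag an address replaced by a different address of the same
    format within `window` seconds (assumed threshold: faster than a
    person would normally copy a second address)."""
    alerts = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        kind = address_kind(prev.text)
        if kind is None or kind != address_kind(cur.text):
            continue
        old, new = prev.text.strip(), cur.text.strip()
        if old != new and cur.ts - prev.ts <= window:
            alerts.append((cur.ts, kind, old, new))
    return alerts

# Constructed sample data; none of these are real wallet addresses.
SAMPLE = [
    Snapshot(0.0, "meeting notes"),
    Snapshot(10.0, "0x" + "a1" * 20),   # user copies an address
    Snapshot(10.3, "0x" + "b2" * 20),   # swapped 0.3 s later: flagged
    Snapshot(60.0, "1" + "A" * 30),     # user copies another address
    Snapshot(300.0, "1" + "B" * 30),    # minutes later: not flagged
]

if __name__ == "__main__":
    for ts, kind, old, new in find_swaps(SAMPLE):
        print(f"t={ts}s {kind}: {old} -> {new}")
```

The same comparison works as a pre-send check: confirm that the address about to be pasted still matches the one that was copied.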