This new malware is targeting crypto investors globally! Here’s how you can spot it

A new ransomware has claimed several victims in the crypto space by luring them with fake crypto rewards.

Emerging Tech Team

New Delhi, UPDATED: Feb 20, 2023 19:30 IST

MortalKombat ransomware is being used to scam people.

By Emerging Tech Team: The crypto-verse is no stranger to malicious programs and cybercriminals who target crypto users to steal their funds. A recent report by anti-malware software firm Malwarebytes found that a new strain of malware known as MortalKombat ransomware and a Go variant of the Laplas Clipper malware have been targeting crypto investors and duping them out of their money.

The victims of this newly discovered threat are mostly concentrated in the United States with a small portion of victims being from the UK, earthquake-stricken Turkey and the Philippines.

The Malwarebytes threat intelligence team, Cisco Talos, said that it had been scanning the internet for such threats and also for potential targets who had an exposed Remote Desktop Protocol (RDP) port 3389. RDP is a protocol that allows a user to connect with another user over the network using a graphical interface.

How are attackers targeting people?

As per the research, the attack was initiated via a phishing email which led to a multi-stage attack chain. In this form of attack, the “attackers impersonate CoinPayments, a legitimate global cryptocurrency payment gateway. Additionally, the emails have a spoofed sender email, ‘noreply[at]CoinPayments[.]net’, and the email subject ‘[CoinPayments[.]net] Payment Timed Out.’”

How MortalKombat ransomware attacks the system. (Photo: talosintelligence.com)

Following this, a ZIP file is attached with a filename that resembles the transaction ID mentioned in the email body. The recipient of the mail (in expectation of a reward) opens the ZIP file and views the contents of the file. This leads to the malicious program entering the user’s system and then exploiting vulnerabilities.
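The lure traits described above (CoinPayments sender, "Payment Timed Out" subject, ZIP named after the transaction ID in the body) can be checked on inbound mail. The following is an added example, not code from the report or the article; it assumes the receiving mail server records a DMARC verdict in the `Authentication-Results` header, and the sample message and transaction ID are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

LURE_DOMAIN = "coinpayments.net"      # brand the article says is impersonated
LURE_SUBJECT = "payment timed out"    # subject text quoted in the article

def triage(msg):
    """Return the lure traits from the article that this message shows."""
    hits = []
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr.rpartition("@")[2] == LURE_DOMAIN:
        # Assumption: the receiving MTA stamps its DMARC verdict here.
        auth = msg.get("Authentication-Results", "").lower()
        if not re.search(r"\bdmarc=pass\b", auth):
            hits.append("unauthenticated-sender")
    if LURE_SUBJECT in msg.get("Subject", "").lower():
        hits.append("lure-subject")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, _, ext = name.rpartition(".")
        # ZIP whose name repeats an identifier quoted in the email body
        if ext.lower() == "zip" and stem and stem in body:
            hits.append("zip-named-after-body-id")
    return hits

def build_sample(auth_result, attach_name):
    """Constructed message for the demo; the transaction ID is made up."""
    m = EmailMessage()
    m["From"] = "CoinPayments <noreply@CoinPayments.net>"
    m["To"] = "user@example.com"
    m["Subject"] = "[CoinPayments.net] Payment Timed Out"
    m["Authentication-Results"] = auth_result
    m.set_content("Transaction ID EXAMPLE-TX-0001 timed out. See attachment.")
    # Empty ZIP archive (end-of-central-directory record only)
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=attach_name)
    return m

if __name__ == "__main__":
    sample = build_sample("mx.example.com; dmarc=fail", "EXAMPLE-TX-0001.zip")
    print(triage(sample))
```

A message that shows all three traits together is a strong candidate for quarantine; any single trait alone also matches legitimate mail.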

After this, whenever a user tries to send crypto to an exchange or another user, the ransomware redirects the funds to the attacker’s wallet without letting the user know.

“The loader script will run the dropped payload as a process on the victim’s machine, then delete the downloaded and dropped malicious files to clean up the infection markers,” the report further added.

The threat isn’t dead

The research firm also notes that most of the attacks were being undertaken using phishing emails and by impersonating well-known crypto-payment platforms. In the past, there have been instances when some users have been inadvertently sent crypto by top crypto exchanges and this acts as a major trigger point in this kind of scam.

Though it has been reported that the revenue generated by crypto scams has dropped by over 45 percent in the past year, it is still not a safe ecosystem for crypto investors who get duped by such scams.
