Hackers and cybercriminals have been targeting crypto investors with two new malware threats that scout the internet for unwary investors to steal their funds.
According to a recent report by anti-malware software maker Malwarebytes, two new cybersecurity threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, have been deployed in campaigns aimed at stealing cryptocurrency from victims.
The new phishing attack's victims are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines.
The company's threat intelligence research team, Cisco Talos, said they observed the criminal scanning the internet for potential targets with an exposed remote desktop protocol (RDP) port, 3389. RDP is a proprietary protocol that provides a user with a graphical interface to connect to another computer over a network connection.
The research said that the campaign begins with a phishing email "and kicks off a multi-stage attack chain in which the actor delivers either malware or ransomware, then deletes evidence of malicious files, covering their tracks and challenging analysis."
The phishing email comes with a malicious ZIP file that contains a BAT loader script, which downloads another malicious ZIP file when a victim opens it. The loader also inflates the downloaded archive on the victim's device and executes the payload, which is either the GO variant of Laplas Clipper malware or MortalKombat ransomware.
"The loader script will run the dropped payload as a process in the victim’s machine, then delete the downloaded and dropped malicious files to clean up the infection markers," the report detailed.
Talos noted that a usual vector of attack for the