 |
April 19, 2023, 02:14:03 PM |
|
Hi, Bitcointalkers,
We publish this unsolicited material for those who regularly use cryptocurrency for business transactions. As Solar Communications’ main business goal is information security for web hosting services, we are constantly monitoring for new online frauds and reacting sharply to new attempts by scammers to come up with schemes to steal from the Internet.
Two new malware threats have emerged, targeting cryptocurrency investors with phishing emails to steal their funds. Anti-malware software Malwarebytes reports that the MortalKombat ransomware and a GO variant of the Laplas Clipper malware are being deployed in campaigns aimed at stealing cryptocurrency. The phishing emails are predominantly targeting victims in the United States, with a smaller percentage in the United Kingdom, Turkey, and the Philippines. The criminals are scanning the internet for potential targets with an exposed remote desktop protocol (RDP) port 3389.
The campaign begins with a phishing email, which kicks off a multi-stage attack chain where the actor delivers either malware or ransomware and then deletes evidence of malicious files. The phishing email comes with a malicious ZIP file that contains a BAT loader script, which downloads another malicious ZIP file when a victim opens it. The malware inflates the victim’s device and executes the payload, which is either the GO variant of Laplas Clipper malware or MortalKombat ransomware.
The criminals usually impersonate CoinPayments, a legitimate global cryptocurrency payment gateway, in their phishing emails. To make the emails look even more legitimate, they have a spoofed sender, “noreply[at]CoinPayments[.]net”, and the email subject “[CoinPayments[.]net] Payment Timed Out.” A malicious ZIP file is attached with a filename resembling a transaction ID mentioned in the email body, which allures the victim to unzip the malicious attachment to view the contents, which is a malicious BAT loader.
Ransomware and cybersecurity attacks continue to increase. However, victims have been increasingly unwilling to pay attackers their demands, according to a recent report by Chainalysis, which revealed that ransomware revenues for attackers plummeted 40% last year. North Korean hacking groups account for a significant portion of illicit cyber activities. South Korean and United States intelligence agencies recently warned that Pyongyang-based hackers are trying to hit “major international institutions” with ransomware attacks. In December 2022, Kaspersky also revealed that BlueNoroff, a subgroup of the North Korean state-sponsored hacking group Lazarus, is impersonating venture capitalists looking to invest in crypto startups in a new phishing method.
What do you think about it?
|
