
Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware
2023-02-15 13:33

A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas.

The multi-stage attack chain starts with a phishing email bearing a malicious ZIP file that's used as a pathway to deliver either the clipper or the ransomware.

The Laplas clipper is a Golang variant of malware that came to light in November 2022.

It's designed to monitor the clipboard for any cryptocurrency wallet address and substitute it with an actor-controlled wallet to carry out fraudulent transactions.

"The clipper reads the victim machine's clipboard contents and executes a function to perform regular expression pattern matching to detect the cryptocurrency wallet address," Raghuprasad explained.

"When a cryptocurrency wallet address is identified, the clipper sends the wallet address back to the clipper bot. In response, the clipper receives an attacker-controlled wallet address similar to the victim's and overwrites the original cryptocurrency wallet address in the clipboard."
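A defender-side check for the clipboard substitution described above, as an added example that is not part of the original article: it scans a log of clipboard observations and flags a wallet address that is replaced by a different address of the same type shortly after being copied. The address patterns (BTC and ETH only), the 2-second window, the function names and the sample events are assumptions constructed for illustration.

```python
import re

# Simplified address formats (assumption: only these three are covered).
PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_type(text):
    """Return the address format name, or None if text is not an address."""
    s = text.strip()
    return next((name for name, pat in PATTERNS.items() if pat.match(s)), None)

def shared_edges(a, b):
    """Count matching leading and trailing characters of two strings."""
    def run(pairs):
        n = 0
        for x, y in pairs:
            if x != y:
                break
            n += 1
        return n
    return run(zip(a, b)), run(zip(reversed(a), reversed(b)))

def find_swaps(events, window=2.0):
    """events: ordered (timestamp_seconds, clipboard_text) observations.
    Flags an address overwritten by a different address of the same
    format within `window` seconds, faster than a user would re-copy."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        kind = wallet_type(old)
        if kind is None or kind != wallet_type(new):
            continue
        old, new = old.strip(), new.strip()
        if old == new or t1 - t0 > window:
            continue
        prefix, suffix = shared_edges(old, new)
        alerts.append({"time": t1, "type": kind, "original": old,
                       "replacement": new,
                       "shared_prefix": prefix, "shared_suffix": suffix})
    return alerts

# Constructed sample data: these are not real wallet addresses.
VICTIM = "0xab12" + "0" * 32 + "9fe3"
LOOKALIKE = "0xab1f" + "7" * 32 + "9fe3"
SAMPLE_EVENTS = [(0.0, "hello world"), (10.0, VICTIM),
                 (10.4, LOOKALIKE), (60.0, VICTIM)]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

A high shared prefix or suffix count on an alert matches the quoted behaviour of returning an address "similar to the victim's", which is why comparing only the first and last few characters before sending funds is not a sufficient check.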


News URL

https://thehackernews.com/2023/02/financially-motivated-threat-actor.html