Malware Alert: Mars Stealer Attacks Crypto Wallets And 2FAs
DailyCoin
Published Feb 03, 2022 10:30AM ET
Updated Feb 03, 2022 11:00AM ET
Malware Alert: Mars Stealer Attacks Crypto Wallets And 2FAs
New dangerous malware targets browser-based cryptocurrency wallets. The malicious software called Mars Stealer is capable of stealing private keys and logins to 2-Factor Authenticator (2FAs) plugins.
Its targets include widely used browser-based cryptocurrency wallets like MetaMask, Coinbase (NASDAQ:COIN) Wallet, Nifty Wallet, Ronin Wallet, MEW CX, Binance Chain Wallet, TronLink and around 40 other cryptocurrency wallets.
Credential-stealing malware
Mars Stealer is the newer version of Oski Stealer, the malware that first appeared back in 2019 and was used to steal personal and sensitive information that was later offered for sale on Russian underground hacking forums, reported the programmer and malware analyst 3xp0rt.
The malicious software operates by extracting content and information from infected devices. It uses special techniques to collect information from the memory of browser extensions, cryptocurrency wallets, and 2FAs.
Being a lightweight malware of only 95kb weight, Mars Stealer does not strain the infected operating system and thus does not emit any obvious signs of it being compromised. Apart from that, it has the ability to remove itself after the data has been stolen.
Targets multiple browsers
The new malware targets the most popular web browsers, including Chrome (V80), Microsoft (NASDAQ:MSFT) Edge (Chromium Version), Internet Explorer, Opera (NASDAQ:OPRA) (Stable, GX, Neon), Firefox, Brave, Thunderbird, TorBro Browser, SputnikBrowser, and many more. Only the Apple-developed Safari OS has not been mentioned on the target list.
According to the expert, dozens of crypto extensions and wallets like Bitcoin Core, Atomic, Binance, Coinomi, Ethereum, Electrum, Electron Cash, Exodus, JAXX, MultiDoge are also vulnerable to the attacks of Mars Stealer.
Furthermore, the malware targets 2FA plugins. The expert named Authenticator, Authy, EOS Authenticator, GAuth Authenticator, Trezor Password Manager as the main targets.
Mars Stealer also threatens to capture additional information like IP address, country, time zone, keyboard layout, software installed, user names and more.
Hints lead to Russia
Although there is no direct proof that Mars Stealer is some kind of a “Russian export”, several facts hint that it might be originating from there.
The malware is an updated version of Oski Stealer, which appeared to be of Russian origin and sold over the Russian-speaking hacker forums.
Promotion of Mars Stealer has also started on the Russian forums last year. Currently, the private key stealing malware is being sold for around $140 on the hacker forums.
Users have to stay cautious
It depends on hackers’ imagination on how they start to distribute malware. However, the common ways include spreading it via shady download channels, unofficial file-hosting and P2P sharing websites.
Get The News You Want
The fraudsters may also involve spam campaigns, spreading hundreds of thousands of emails with the infected links or files attached.
To minimize the risk of malware infection, cybersecurity experts advise regularly updating apps and software. It is also important not to use unofficial or unverified web sources and not to open suspicious emails, links, or attachments.
Other than that, cryptocurrency users should never share their private key data with anyone and be especially wary of any pop-ups asking to provide such info. To maximize the secure storage of digital assets, experts advise considering the usage of cold-storage cryptocurrency wallets.
EMAIL NEWSLETTER
Join to get the flipside of crypto
Upgrade your inbox and get our DailyCoin editors’ picks 1x a week delivered straight to your inbox.
[contact-form-7] You can always unsubscribe with just 1 click.
Continue reading on DailyCoin
Written By: DailyCoin
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.