Beware! A new malware “Mars Stealer” can steal your crypto


According to security researcher 3xp0rt, Mars stealer is an advanced upgrade of the 2019 Oski Trojan and can loot cryptocurrency stored in people’s wallets by attacking the wallets’ browser extensions. 

New malware is attacking browser-based crypto wallets 

According to 3xp0rt, Mars Stealer is powerful malware that attacks 40+ browser-based wallets by carefully navigating through the wallet’s security features such as two-factor authentication with the help of a grabber function that steals private keys of a user’s wallet. 

Track live crypto price of 10000+ coins!


The official blog post stated:

“Mars Stealer written in ASM/C with using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesn’t use CRT, STD.” 

Mars Stealer can easily jeopardize crypto extensions, including popular wallets such MetaMask, Nifty wallet, Coinbase wallet, Binance Chain Wallet, and Tron Link. 3xp0rt also reports that the Malware targets extensions based on Chromium except for Opera. 

Mars Stealer can also extract valuable information concerning processor model, computer name, machine ID, GUID, installed software and their versions, user name, and domain computer name. 

Another interesting feature of this malware is that Mars Stealer performs a prior check on a user’s country of origin to check whether the user belongs to a commonwealth of independent states. If a user’s ID belongs to countries such as Russia, Kazakhstan, Belarus, Azerbaijan, and Uzbekistan, the program will not perform any negative activity and will exit the application.

Related:  Crypto Community Holds its Breath as the EU Finalizes Regulations on PoW and Unhosted Wallets this Month

Mars Stealer is known to invade the extensions of wallets by spreading through numerous channels, including file-hosting websites, torrent clients, and dubious websites. Once it enters the crypto wallet extension, the malware then performs the theft by sabotaging the wallet’s personal keys and security features and later exits the extension after deleting any visible traces of the theft.

Crypto wallet security has often been a heated topic for discussion as multiple scams and prevalent theft reports have taken place in the cryptocurrency domain. The report of new malware being rampant is also issued in a bid to warn investors to be cautious and pay extra attention while storing cryptocurrencies in browser-based wallet extensions. 

Everdome

CryptoSlate Newsletter

Featuring a summary of the most important daily stories in the world of crypto, DeFi, NFTs and more.

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis

Price snapshots

More context

Join now for $19/month Explore all benefits


Download MAXBIT Android App, Your best source of all crypto news!

Google Play

Source link