New Mars Stealer malware can steal user’s cryptocurrency

A new malware called “Mars Stealer” targets cryptocurrency wallets that act as browser extensions to steal coins stored by users.

According to security researchers 3xportMars Stealer is a premium upgrade from Trojan Oski 2019 and is capable of stealing cryptos stored in people’s wallets by attacking wallet browser extensions.

New malware attacks cryptocurrency wallets working in browsers

According to 3xp0rt, Mars Stealer is a powerful malware that attacks more than 40 browser-based wallets by carefully navigating through the wallet’s security features, such as two-factor authentication, using its functionality to steal the private key in the user’s wallet steal .

The official blog post says:

“Mars Stealer is written in ASM/C using WinApi, the weight is 95 kb. Use special techniques to hide WinApi commands, encrypt strings, collect in-memory information, support secure SSL connections with C&C, don’t use CRT, STD.

Mars Stealer can easily hack crypto-related extensions, including popular wallets like MetaMask, Nifty Wallet, Coinbase Wallet, Binance Chain Wallet, and Tron Link. 3xp0rt also reports that the malware targets Chromium-based extensions except Opera.

Mars Stealer can also extract valuable information related to processor model, computer name, machine ID, GUID, installed software and their versions, username and computer domain.

Another interesting feature of this malware is that Mars Stealer performs a pre-check on the user’s country of origin to determine if the user is in a community of independent countries. If the user’s ID belongs to such countries as Russia, Kazakhstan, Belarus, Azerbaijan and Uzbekistan, the program will not perform any negative activities and will terminate the application.

Mars Stealer has been known to infiltrate wallet extensions, spreading through multiple channels including file-hosting sites, torrent clients, and suspicious sites. After infiltrating the crypto-wallet extension, the malware performs the theft by sabotaging the wallet’s private key and security features, and once inside the wallet, exits the extension and erases all visible traces of the theft.

Cryptocurrency wallet security is often a hotly debated topic, as many of the popular reports of fraud and theft have taken place in this area. The fast-spreading new malware report was also released to warn investors to be extra careful and vigilant when storing cryptocurrencies in browser-based wallet extensions.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page