Tuesday, July 16, 2024

Beware! A new malware “Mars Stealer” can steal your crypto

Malware is attacking browser-based crypto wallets 


According to security researcher 3xp0rt, Mars Stealer is an advanced upgrade of the 2019 Oski Trojan. It is a powerful malware that attacks 40+ browser-based crypto wallets (browser extensions), getting past wallet security features such as two-factor authentication with the help of a grabber function that steals the private keys of a user’s wallet.

Many new features were added in Mars Stealer, such as an anti-debug check and crypto extension stealing, but Outlook stealing is missing. The code has been refactored, but some algorithms remain as stupid as in Oski Stealer.

The official blog post stated:
“Mars Stealer written in ASM/C with using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesn’t use CRT, STD.”

Mars Stealer can easily harm crypto extensions, including popular wallets such as MetaMask, Math Wallet, Nifty Wallet, Coinbase Wallet, Binance Chain Wallet, DAppPlay and Tron Link. 3xp0rt also reports that the malware targets extensions based on Chromium except for Opera.

Mars Stealer can also extract valuable information like IP & country, time, processor model, language keyboard layout, computer name, username, machine ID, GUID, installed software and their versions, user name, and domain computer name.

Mars Stealer first extracts the user’s country of origin to check whether the user belongs to the Commonwealth of Independent States. If a user’s ID belongs to countries such as Russia, Kazakhstan, Belarus, Azerbaijan, and Uzbekistan, then the malware will not perform any harmful activity.

Mars Stealer is known to invade the extensions of wallets by spreading through numerous channels, including file-hosting websites, torrent clients, and dubious websites. Once it enters the crypto wallet extension, the malware then performs the theft by sabotaging the wallet’s personal keys and security features and later exits the extension after deleting any visible traces of the theft.

The security of crypto and digital assets has been a major issue in the crypto domain. Investors have to be cautious and pay extra attention while investing in crypto and digital assets.

