“Mars Stealer”, a new malware that works as a browser extension, is targeting crypto wallets to steal the cryptocurrency users store in them.
According to security researcher 3xp0rt, Mars Stealer is an upgraded version of the Oski Trojan, and its main aim is to target cryptocurrency stored in people’s wallets by attacking the wallet’s browser extension.
— 3xp0rt (@3xp0rtblog) February 1, 2022
Mars Stealer is all set to attack browser-based crypto wallets
3xp0rt is of the view that, by navigating around the wallet’s security features, Mars Stealer attacks more than 40 browser-based wallets, and it is considered to be one of the most powerful pieces of malware. The two-factor authentication security features help this malware to grab different functions and succeed in stealing the private keys of a user’s wallet. One of the official blog posts stated:
“Mars Stealer written in ASM/C with using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesn’t use CRT, STD.”
The report by 3xp0rt says that this malware can threaten various crypto extensions, including the most popular wallets such as Nifty Wallet, Binance Chain Wallet, MetaMask, Coinbase Wallet, and TronLink. The report also states that, with the exception of Opera, Mars Stealer targets Chromium-based extensions. The malware also accesses valuable information about the victim, including machine ID, computer name, processor model, installed software, GUID, computer domain name, and username.
Another feature of Mars Stealer is that, before attacking, it checks the user’s country of origin to determine whether the user belongs to the Commonwealth of Independent States. If it finds that the user belongs to a country such as Belarus, Russia, Azerbaijan, Kazakhstan, or Uzbekistan, the malware will not attack or show any malicious activity and will exit the application.
This malware reaches the wallet’s extension by spreading through various channels, including torrent clients and dubious file-hosting websites. Once Mars Stealer gets into your crypto wallet extension, it can steal the wallet’s security features and other personal keys; afterwards, it deletes the visible traces of the theft and exits the extension.
The security of crypto wallets has become a hot topic for discussion, as various scams and thefts have recently been reported in the cryptocurrency domain. The appearance of this new malware has alarmed investors, who are advised to be cautious and to pay extra attention when storing their cryptocurrencies in browser-based wallet extensions.