According to security researcher 3xp0rt, Mars stealer is an advanced upgrade of the 2019 Oski Trojan and can loot cryptocurrency stored in people’s wallets by attacking the wallets’ browser extensions.
New malware is attacking browser-based crypto wallets
According to 3xp0rt, Mars Stealer is powerful malware that attacks 40+ browser-based wallets by carefully navigating through the wallet’s security features such as two-factor authentication with the help of a grabber function that steals private keys of a user’s wallet.
The official blog post stated:
“Mars Stealer written in ASM/C with using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesn’t use CRT, STD.”
Mars Stealer can easily jeopardize crypto extensions, including popular wallets such MetaMask, Nifty wallet, Coinbase wallet, Binance Chain Wallet, and Tron Link. 3xp0rt also reports that the Malware targets extensions based on Chromium except for Opera.
Mars Stealer can also extract valuable information concerning processor model, computer name, machine ID, GUID, installed software and their versions, user name, and domain computer name.
Another interesting feature of this malware is that Mars Stealer performs a prior check on a user’s country of origin to check whether the user belongs to a commonwealth of independent states. If a user’s ID belongs to countries such as Russia, Kazakhstan, Belarus, Azerbaijan, and Uzbekistan, the program will not perform any negative activity and will exit the application.
Mars Stealer is known to invade the extensions of wallets by spreading through numerous channels, including file-hosting websites, torrent clients, and dubious websites. Once it enters the crypto wallet extension, the malware then performs the theft by sabotaging the wallet’s personal keys and security features and later exits the extension after deleting any visible traces of the theft.
Crypto wallet security has often been a heated topic for discussion as multiple scams and prevalent theft reports have taken place in the cryptocurrency domain. The report of new malware being rampant is also issued in a bid to warn investors to be cautious and pay extra attention while storing cryptocurrencies in browser-based wallet extensions.
CryptoSlate Newsletter
Featuring a summary of the most important daily stories in the world of crypto, DeFi, NFTs and more.
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.
On-chain analysis
Price snapshots
More context