Max E., Wed, Feb 2, 2022 3:27 PM
New Malware Targets Dozens Of Crypto Wallets
Social media users have reported the emergence of new Mars Stealer malware that steals cryptocurrencies.
Thousands of users have already suffered from it. The researcher @3xp0rt has described in detail how it works and where it came from. He revealed that the product is based on the old, abandoned Oski Stealer code base.
According to @3xp0rt, the new Mars Stealer is just 95KB in size. However, it poses huge problems for the security of users. The malware is capable of stealing cryptocurrency assets from many popular browser extensions. These include wallets such as MetaMask, Guarda, Binance Chain Wallet, Coinbase Wallet, Bitcoin Core, Electrum, Atomic and others.
The program is also capable of compromising the two-factor authentication (2FA) services Authy and GAuth Authenticator, as well as a number of popular browsers such as Mozilla Firefox, Opera and Brave.
To carry out malicious actions, Mars Stealer uses a special grabber. The grabber extracts the necessary information from the structure of the software and provides access to the private information of applications and extensions, as well as 2FA plugins.
According to users, this virus appeared on cybercriminal forums last summer. It spreads and infects users' systems through free file-sharing services, torrent clients, and other downloaders.
The researchers have noticed a curious thing. The malicious software checks the geolocation of the user. If the user is located in a territory that was previously part of the Commonwealth of Independent States (CIS), the program stops performing fraudulent activities. Consequently, users located in Russia, Ukraine, Belarus, Kazakhstan and a number of other countries are safe.