According to security researcher 3xp0rt, Mars Stealer, a new malware strain named by its creators, is a strong addition to the information-stealing Oski Trojan of 2019.
The malware attacks browser-based crypto wallets and two-factor authentication extensions, and it comes with a custom grabber that has multiple functions.
To put it simply, the grabber function steals users’ private keys.
Browser-based crypto wallets, which are designed to hold Bitcoin, Ether, and other currencies, have always had weaker security to begin with. The malware also attacks wallets that work as browser extensions (Binance Chain Wallet, Coinbase Wallet, and MetaMask), which makes the security picture even more complicated.
Besides these, Nifty Wallet, MEW CX, Ronin Wallet, and TronLink are also on the target list. An important factor is that the malware can affect extensions on Chromium-based browsers, so only Opera is in the safe zone. However, Opera and Firefox are both unsafe when it comes to credential hijacking.
Google Chrome, Microsoft Edge, and Brave can also be found on the malware's target list. Once the malware has finished with the file that holds sensitive information, it exits and deletes any traces of its existence.
After infecting a system, the malware checks the language of the device. If the language matches Uzbekistan, Azerbaijan, Belarus, Kazakhstan, or Russia, the program exits without causing any harm.
Individuals who store their crypto assets in browser-based wallets or use browser extensions like Authy to perform two-factor authentication should be wary of clicking on suspicious links or downloading unknown files.
At the moment, Mars Stealer is being sold by hackers for $140 on dark web forums.