While cryptocurrency wallet browser extensions make it easier to interact with DApps, stored funds are at risk with the emergence of Mars Stealer malware, which can steal credentials and private keys.
Users of cryptocurrency wallets that can be installed as browser extensions, such as MetaMask, Coinbase Wallet and Ronin Wallet, to mention just some of the most popular, are facing a new danger with the emergence of a new malware called Mars Stealer.
The new malware, described by the programmer and cybersecurity analyst 3xp0rt as a copy of Oski Stealer, is a sophisticated malware that can steal cryptocurrencies from about 40 digital wallet extensions like MetaMask. In a blog post, 3xp0rt notes that Mars Stealer can capture information from wallets, steal user login credentials, access private keys and even intercept 2FA (Two-Factor Authentication) extensions, all in order to steal the cryptocurrencies stored in these digital wallets.
Mars Stealer, designed to steal cryptocurrencies
Written in ASM/C (assembly and the C language) and 95 KB in size, the Mars Stealer malware is designed to collect information about passwords, cookies, browsing history, auto-fills, and more. This malware can access and capture users’ private information such as cryptocurrency wallet addresses, login credentials, and private keys.
Mars Stealer collects and analyzes a large amount of private information from users: location data, such as IP, country and time zone; hardware data, such as processor model, computer and user name and machine identifier; and data about the software, such as the installed operating system, the available version, and the GUID number, a globally unique identifier implemented by Microsoft. 3xp0rt explains that if the analysis of the data detects locations such as Kazakhstan, Uzbekistan, Azerbaijan, Russia, or Belarus, Mars Stealer will not run.
While stealing data, Mars Stealer uses various obfuscation and anti-analysis techniques to avoid detection.
Which cryptocurrency wallets are affected by Mars Stealer?
According to research conducted by 3xp0rt, the malware can steal cryptocurrency from 40 digital wallet extensions, which are shown in the following table:
[Table: wallet extensions affected by Mars Stealer. Own edition with data published in the 3xp0rt report.]
Mars Stealer can affect these wallet extensions in browsers compatible with Chrome V80, such as Internet Explorer, Microsoft Edge in its Chromium version, Orbitum, CryptoTab, Firefox, CyberFox, Thunderbird and even Brave and Opera Stable, Opera GX and Opera Neon, among others.
On the other hand, 3xp0rt noted that the 2FA plugins that the new cryptocurrency malware can access are: Authenticator, Authy, EOS Authenticator, GAuth Authenticator, and Trezor Password Manager.
Safety recommendations
At the moment, this malware only affects the Windows operating system. Therefore, it is recommended that users of this operating system update their anti-malware and antivirus security solutions to protect themselves from Mars Stealer. Users of other operating systems, such as macOS and GNU/Linux, are best advised to avoid downloading files of dubious quality and origin and browsing suspicious websites.