New Mars Stealer malware targets Chrome-based browser crypto wallets

Scams and crypto-malware are more rampant than ever. (Image Source: Comodo cWatch)

Security researcher warns that the Mars Stealer malware is now affecting Chrome-based browser crypto wallet extensions like MetaMask, Coinbase wallet and Binance chain wallet, plus it also compromises 2FA authenticators like Microsoft's Authenticator and Authy. Extensions for Firefox and Opera are not affected, but Mars Stealer may still hijack site credentials on these two browsers.

Bogdan Solca, Published 02/04/2022 🇫🇷 🇪🇸 ...

Cryptocurrency Security

As cryptocurrencies are making their final push for mainstream adoption, more and more malicious third parties are jumping in to profit from users with very little experience in the ever-shifting crypto world. Scams are rampant and many crypto-exploiting malware programs like the new Mars Stealer are spreading very fast. According to a report from security researcher 3xp0rt, Mars Stealer is based on a 2020 Oski shell and is extremely lightweight at 95 kb. It is written in ASM/C using WinAPI and does a great job at hiding its actions, to the point where it deletes itself after stealing the password + seed phrase.

The Mars Stealer exploit can only identify crypto wallet credentials from Chrome-based browsers. Firefox and Opera appear to be safe from extension-specific attacks, but they remain vulnerable to site credential hijacking. Some of the more popular crypto wallet extensions affected by Mars Stealer include MetaMask, Binance Chain Wallet, Coinbase Wallet and Coin98 Wallet. It also affects 2FA authenticator extensions like Authenticator, Authy and Trezor Password Manager, plus specific coin wallets like Bitcoin Core, Ethereum, Exodus, Binance etc.

This malware is easily spread through file-hosting websites, torrents and cleverly camouflaged download links. It has a very peculiar method of operation as it first checks the OS language and if it identifies this being associated with Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, it deletes itself without causing any harm. Otherwise, it proceeds to attack the kernel32.dll file and then finds the default web browser app data folder with the user info.

CoinTelegraph informs that Mars Stealer is currently available for only $140 on the dark web forums. Users that are holding cryptocoins in browser-based wallets should be wary as far as downloads from dubious sites are concerned, and eventually migrate to a hardware wallet for added protection.

Buy the Ledger Nano X Crypto Hardware Wallet on Amazon

Source(s)

3xp0rt

via CoinTelegraph

An Android trojan resurface by piggybacking on apps available on Google Play. (Image via Android w/ edits)

Anatsa malware targeting European Android users via apps on Google Play app store 02/19/2024

The new Opera One browser powered by AI. (Source: Opera)

AI-powered Opera One browser hits the market, features ChatGPT integration with live web results 06/20/2023

The new Ledger Nano S Plus crypto hardware wallet offers most Nano X features on the cheap 04/10/2022

A new malware has been discovered by cybersecurity firm ThreayFabric on the Play Store. (Image: RoonZ.nl via Unsplash)

A new money-stealing malware makes rounds on Google Play Store posing as an innocent app with over 50,000 downloads 02/24/2022

The United States Department of Justice seized $3.6 billion in bitcoins this morning. (Image via US DOJ)

United States Department of Justice seizes over US$3 billion in cryptocurrency related to 2016 Bitfinex hack 02/08/2022

A team of researchers has developed a malware detection system for Raspberry Pi. (Image source: Jainath Ponnala via Unsplash)

Researchers build novel malware detection system for Raspberry Pi 01/13/2022

Bad actors were previously able to take advantage of a vulnerability in AppX installer that allowed them to spread malware. (Image: RoonZ.nl via Unsplash)

Microsoft patches spoofing vulnerability that was exploited to spread malware 12/16/2021

Security firm flags crypto wallet credentials malware tucked into a hacky KMSPico Windows activator 12/06/2021

Joker malware discovered in multiple apps with thousands of installs on the Google Play Store 11/23/2021

The Discord CDN network is apparently being abused to send malware masquerading as images, video, or text (Image source: Discord)

Hackers are using Discord to send malware and remote-access trojans, putting millions of users at risk 10/30/2021

Loading Comments

Comment on this article

Oppo Find X5 Pro specifications and...

The Intel Core i7-12700H dispatches...

Bogdan Solca - Senior Tech Writer - 2253 articles published on Notebookcheck since 2017

I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.

contact me via: Facebook

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2022 02 > New Mars Stealer malware targets Chrome-based browser crypto wallets

Bogdan Solca, 2022-02- 4 (Update: 2022-02- 4)

New Mars Stealer malware targets Chrome-based browser crypto wallets

Source(s)

Related Articles