‘Mars stealer’: a new malware that can attack your 2FA and steal your crypto

According to the researcher 3xp0rt (as reported by USAPTC), Mars Stealer is an enhanced variant of the Oski Stealer malware, which was released in November 2019, and can harvest cryptocurrency from popular browser plugins. The new spyware targets browser-based crypto wallets, and Mars Stealer can obtain private keys and logins from 2-Factor Authentication (2FA) plugins.

“Mars Stealer is written in ASM/C using WinApi; weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secured SSL-connection with C&C, doesn’t use CRT, STD.”

Report by 3xp0rt

A malware that can steal your credentials

Mars Stealer is the newest version of Oski Stealer. That malware first surfaced in 2019 and was used to capture personal and sensitive information that was afterward put up for sale on Russian underground hacker forums.

The malicious program works by gathering data from infected devices. It employs specific techniques to harvest information from the memory of browser extensions, crypto wallets, and 2FA plugins.

Being a lightweight program of only 95 KB, Mars Stealer does not strain the infected operating system and therefore gives no obvious signs that the machine has been compromised. Apart from that, it has the capacity to delete itself once the data has been stolen.

Who is under threat?

As of now, the primary targets of this malware are:

Browser extensions: Internet Explorer, Microsoft Edge (Chromium Version), Kometa, Amigo, Torch, Orbitium, Comodo Dragon, Nichrome, Maxxthon5, Maxxthon6, Sputnik Browser, Epic Privacy Browser, Vivaldi, CocCoc, Uran Browser, QIP Surf, Cent Browser, Elements Browser, TorBro Browser, CryptoTab Browser, Brave, Opera Stable, Opera GX, Opera Neon, Firefox, SlimBrowser, PaleMoon, Waterfox, CyberFox, BlackHawk, IceCat, K-Meleon, Thunderbird.

Crypto extensions: TronLink, MetaMask, Binance Chain Wallet, Yoroi, Nifty Wallet, Math Wallet, Coinbase Wallet, Guarda, EQUAL Wallet, Jaxx Liberty, BitApp Wallet, iWallet, Wombat, MEW CX, Guild Wallet, Saturn Wallet, Ronin Wallet, Neoline, Clover Wallet, Liquality Wallet, Terra Station, Keplr, Sollet, Auro Wallet, Polymesh Wallet, ICONex, Nabox Wallet, KHC, Temple, TezBox, Cyano Wallet, Byone, OneKey, Leaf Wallet, DAppPlay, BitClip, Steem Keychain, Nash Extension.

2FA plugins: Authenticator, Authy, EOS Authenticator, GAuth Authenticator, Trezor Password Manager.

Crypto wallets: Bitcoin Core and all derivatives (Dogecoin, Zcash, DashCore, LiteCoin, etc.), Ethereum, Electrum, Electrum LTC, Exodus, Electron Cash, MultiDoge, JAXX, Atomic, Binance, Coinomi.

How to stay safe from the malware?

Crypto wallet security has frequently been a contentious topic of discussion, as many scams and thefts have been reported in the cryptocurrency world. The malware’s primary means of spreading include shady distribution channels, unauthorized file-hosting sites, and P2P sharing websites.

To limit the chance of malware infection, experts suggest keeping apps and software up to date. It is also crucial not to use unapproved or unverified web sources and not to click suspicious emails, links, or files.
