Although wallets used to store Bitcoin (BTC), Ethereum (ETH) and other cryptocurrencies are secure, problems may arise from time to time. Taking advantage of this, malicious software threatens crypto wallets with browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet.
Mars Stealer Threatens Many Wallets
Dubbed Mars Stealer, this malware is seen as an enhanced version of the Oski trojan, according to security researcher 3xp0rt. Mars Stealer can steal users’ two-factor authentication (2FA) extensions and gain access to their private keys.
Targeted wallets; MetaMask is listed as Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet, and TronLink. Security experts state that the processes performed in Chromium-based browsers are also under threat. Therefore, it is stated that widely used browsers such as Google Chrome, Microsoft Edge and Brave have entered the list of threats. Although browsers with different extensions such as Firefox and Opera are safe from these attacks, it is recommended that they also develop some form of protection against this threat.
Does This Malware Choose a Country?
It is thought that Mars Stealer could spread through various channels such as file hosting websites, torrenting and other downloads. The first thing this software does after infecting a system is to check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software exits the system without any malicious action.
But for the rest of the world, this software targets crypto wallets files that hold sensitive information such as addresses and private keys. It then leaves the system, stealing crypto assets and deleting all transaction history.
Mars Stealer retails for $140 on darkweb forums. This means that this malware can fall into the hands of many malicious people. Security experts warn users who keep their crypto assets in browser-based wallets or use browser extensions like Authy to beware of suspicious links or downloads.