“Mars Stealer” Malware Can Grab Your Crypto

Key Takeaways

  • Mars Stealer is an improved copy of its predecessor, the Oski Stealer.
  • The malware uses special techniques to collect information from the memory of crypto browser extensions, wallets and 2FAs.
  • Credential theft malware continues to be one of the most prevalent types of malware used in cyberattacks.


An improved copy of the Oski Stealer malware (first introduced in November 2019) known as “Mars Stealer” has appeared in the wild and is capable of stealing crypto from popular browser extensions.

A Lightweight, Malicious Program

Mars Stealer is a lightweight malicious program of just 95KB in size, but the security issue it represents is no small thing.

Mars Stealer uses a custom grabber to retrieve its configuration from the command and control infrastructure and then proceeds to target application data from popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets. 

The Trojan malware began circulating on Russian-speaking hacking forums in the summer of 2021 and is able to infect systems through dubious download channels (e.g., unofficial and free file-hosting websites, peer-to-peer sharing networks such as torrent clients, and other third-party downloaders).

The most popular cryptocurrency browser plug-ins Mars Stealer is capable of exploiting include MetaMask, Binance Chain Wallet, Nifty Wallet, Coinbase Wallet and Guarda. It is also capable of exploiting Bitcoin Core, Electrum, Exodus, Atomic, Binance and Coinomi.

Two-factor authentication applications such as Authy and GAuth Authenticator, as well as web browsers such as Brave, Opera, and Firefox, are also susceptible to being targeted by the Mars Stealer.

One particularly interesting feature of this malicious software is that it checks if a user is based in a country that is historically part of the Commonwealth of Independent States. If the device’s language ID matches Russia, Belarus, Kazakhstan, Azerbaijan, or Uzbekistan, the program will exit without performing any malicious behavior.

In summary, this form of malware can cause multiple headaches to its victims, including system infections, privacy issues, financial losses, and identity theft. A detailed technical analysis of the malware can be read in this publication by researcher @3xp0rt.

Disclosure: At the time of writing, the author of this feature owned ETH and several other cryptocurrencies. 


Mastercard Attains CipherTrace to Boost Security and Fraud Detection in the Crypto Ecosystem

Payment giant Mastercard announced the acquisition of CipherTrace, a leading cryptocurrency intelligence company, to offer businesses powerful intelligence about the crypto economy as digital assets continue becoming more intertwined with daily activities.

In a statement, Mastercard revealed the expectation for crypto consumers to have peace of mind about their investments. As a result, the acquisition will help the card issuer offer crypto users significant security and fraud detection apparatus by highlighting the risks and regulatory obligations. 

Ajay Bhalla, the president of cyber & intelligence at Mastercard, welcomed the move and said:

“With the rapid growth of the digital asset ecosystem comes the need to ensure it is trusted and safe. Our aim is to build upon the complementary capabilities of Mastercard and CipherTrace to do just this.”

He added that digital assets emerged to be more inclusive and efficient based on their capability to reshape commerce.

Boosting transparency in crypto assets

CipherTrace has carved a niche for itself in the crypto space based on its innovative platform, which boosts fraud monitoring and security for crypto-related programs.

For instance, in July 2020 the intelligence company unveiled a predictive risk-scoring model intended to instantly avert money laundering of cryptocurrencies from ransomware attacks and theft.

At the time, Twitter had been hacked, and high-profile figures like Jeff Bezos, Joe Biden, Elon Musk, and Bill Gates were hit by a massive Bitcoin scam. 

The acquisition will enable the integration of different technologies like artificial intelligence (AI), blockchain, and cyber security for a safer crypto ecosystem.

Per the announcement: “The deal enables Mastercard to combine the technology, AI and cyber capabilities of both companies to differentiate its card and real-time payments infrastructure, allowing customers and stakeholders globally to build upon and benefit from the solutions to protect their consumers and comply with regulations, as they build their own virtual asset offerings.”

Mastercard continues to stamp its authority in the crypto space. For example, in July this year the payment giant launched a crypto program dubbed Start Path to support fast-growing cryptocurrency, digital assets, and blockchain companies.
