New Malware Emerges That Targets Coinbase Wallet, MetaMask and Other Crypto Extensions: Report

A new type of malware has surfaced that can compromise crypto wallets and extensions, putting investors at risk of hacks.

According to a new blog post by network security expert 3xp0rt, a piece of malware known as Mars Stealer – an improved version of the information stealer Oski Stealer – has emerged to prey on web browsers, crypto extensions and crypto wallets.

Among the popular applications the malware affects are the web browsers Internet Explorer, Firefox and Microsoft Edge, as well as the Thunderbird email client.

It also preys on crypto extensions such as MetaMask, TronLink, Binance Chain Wallet and Coinbase Wallet while also targeting wallets such as Bitcoin Core and its derivatives. MultiDoge and Ethereum wallets could also be affected.

However, 3xp0rt notes that the malware only targets crypto extensions on Chromium-based browsers other than Opera.

The cybersecurity expert says that Mars Stealer operates by getting a handle of a computer’s internal library files to conduct a complex series of technical coding reconfigurations to do its bidding.

To steal a user’s wallet information, the malware targets sensitive data stored in the wallet.dat file. The file contains information such as the address and private key access data, according to the internet security expert. The malware also has a built-in grabber, loader, and self-removal feature.

“Mars Stealer is an improved version of Oski Stealer. [It] has added [functionality]: anti-debug check, crypto extension stealing, but Outlook stealing is missing. The code has been refactored, but some algorithm remained stupid as in Oski Stealer.”


Hodlers beware! New malware targets MetaMask and 40 other crypto wallets

Security was never the strong suit of browser-based crypto wallets used to store Bitcoin (BTC), Ether (ETH) and other cryptocurrencies. However, new malware makes the safety of online wallets even more complicated by directly targeting crypto wallets that work as browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet.

Named Mars Stealer by its developers, the new malware is a powerful upgrade on the information-stealing Oski trojan of 2019, according to security researcher 3xp0rt. It targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys.

MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet and TronLink are listed as the targeted wallets. The security expert notes that the malware can target extensions on Chromium-based browsers except Opera. Sadly, this means some of the most common browsers like Google Chrome, Microsoft Edge and Brave made it to the list. While they are safe from extension-specific attacks, Firefox and Opera are still vulnerable to credential hijacking.


Mars Stealer can be spread through various channels like file-hosting websites, torrent clients and any other shady downloaders. After infecting a system, the first thing the malware does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software leaves the system without any malicious action.

For the rest of the world, the malware targets a file that holds sensitive information like crypto wallets’ address info and private keys. It then leaves the system, deleting any trace of its presence once the theft is complete.

Hackers are currently selling Mars Stealer for $140 on dark web forums, meaning the barrier to access the trojan is relatively low for malicious actors. Users who hold their crypto assets on browser-based wallets or use browser extensions like Authy to utilize 2FA are warned to be cautious against clicking dubious links or downloads.
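
The theft described above depends on a process that is neither the wallet nor the browser reading wallet.dat or a browser's extension storage. The Python below is an added example, not code from either article or from 3xp0rt's analysis, that flags such reads in file-access audit events; the event schema, the sample events, the allowlists and the match on Chromium's `Local Extension Settings` directory are assumptions made for illustration.

```python
import json
import ntpath

# Constructed sample events, not real telemetry. The schema (process, path) is
# an assumption standing in for whatever file-access auditing you collect.
SAMPLE_EVENTS = r'''
{"process": "C:\\Program Files\\Bitcoin\\bitcoin-qt.exe", "path": "C:\\Users\\ana\\AppData\\Roaming\\Bitcoin\\wallet.dat"}
{"process": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "path": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\EXAMPLE_EXTENSION_ID\\000003.log"}
{"process": "C:\\Users\\ana\\Downloads\\setup_x64.exe", "path": "C:\\Users\\ana\\AppData\\Roaming\\Bitcoin\\wallet.dat"}
{"process": "C:\\Users\\ana\\Downloads\\setup_x64.exe", "path": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\EXAMPLE_EXTENSION_ID\\000003.log"}
{"process": "C:\\Tools\\backup.exe", "path": "D:\\coins\\Litecoin\\wallet.dat"}
'''

# Processes expected to read each location (assumption: tune for your fleet).
RULES = {
    "wallet.dat": {"bitcoin-qt.exe", "bitcoind.exe"},
    "browser extension storage": {"chrome.exe", "msedge.exe", "brave.exe"},
}

def classify(path):
    """Map a path to a sensitive category in RULES, or None."""
    p = path.lower()
    if ntpath.basename(p) == "wallet.dat":
        return "wallet.dat"
    if "\\local extension settings\\" in p:  # Chromium per-extension storage
        return "browser extension storage"
    return None

def find_suspicious(lines):
    """Return [(process, [categories])] for unexpected readers, widest first."""
    hits = {}
    for line in filter(str.strip, lines):
        ev = json.loads(line)
        category = classify(ev["path"])
        exe = ntpath.basename(ev["process"]).lower()
        if category and exe not in RULES[category]:
            hits.setdefault(ev["process"], set()).add(category)
    # One process touching several wallet locations resembles a grabber sweep.
    return sorted(((p, sorted(c)) for p, c in hits.items()),
                  key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    for process, categories in find_suspicious(SAMPLE_EVENTS.splitlines()):
        print(process, "->", ", ".join(categories))
```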