New Malware “Mars Stealer” Steals People’s Crypto

The cryptocurrency market is an ideal place for scams and malware. Unfortunately, another threat has hit the industry.

According to the security report from 3xp0rt, Mars Stealer is another form of malware looking to steal cryptocurrency. It’s an upgrade of the 2019 Oski Trojan and can loot crypto stored in browser-based wallets.

Mars Is a Powerful Malware

According to the report, Mars is powerful malware that can attack over 40 browser-based wallets. It carefully navigates through the wallet’s security features, even two-factor authentication, and uses a grabber function to steal the private keys.

Mars Stealer is written in ASM/C, using WinAPI, and weighs 95 kb. Furthermore, it uses special techniques to hide WinAPI calls, encrypt strings, collect information in memory, and so on.

Mars Stealer can easily endanger popular crypto wallets, such as MetaMask, Nifty Wallet, Coinbase Wallet, Binance Chain Wallet, and TronLink. The malware targets wallet extensions in Chromium-based browsers, except for Opera.

In addition to stealing digital assets, Mars Stealer can also extract valuable information about the device it attacks, such as machine ID, GUID, computer name, installed software versions, user name, and domain computer name.

The most interesting feature of this new malware is that it also checks the victim’s country of residence. Specifically, it checks whether the person lives in one of the Commonwealth of Independent States (CIS) countries. For example, if the user ID belongs to Russia, Kazakhstan, Belarus, or a similar country, the virus won’t perform any actions and will exit.