Key Facts.

  • The virus attacks MetaMask extensions, Coinanchain wallets, Coinbase wallets, and more.
  • The virus sells for about $140 on dark web forums.

A new piece of malware threatens the security of desktop digital wallets. It is capable of stealing sensitive information, such as private keys, and extracting Bitcoin (BTC) without leaving a trace. It is Mars Stealer, an information stealer that affects no fewer than 40 wallets.

Research site 3xp0rt revealed that the virus is an update to the famous Oski Trojan of 2019, which attacks digital currency packages primarily based on browser extensions as well as two-factor authentication (2FA) extensions.

Affected browser extensions include MetaMask, CoinAnchor Wallet, Coinbase Wallet, Ronin Wallet, Saturn Wallet, and TronLink. The virus also targets Chromium-based browsers. In other words, most popular browsers, such as Google Chrome or Microsoft Edge, are breeding grounds for this malware.

The virus, which is sold on the Dark Web for around $140, also attacks wallets from Bitcoin Core (used with Dogecoin, Zcash, Dash, Litecoin, etc.). In addition to Electrum, Binance, Exodus, etc., Ethereum wallets are also affected.

How does it attack?

As explained by 3xp0rt, Mars Stealer spreads through various channels, such as torrent clients or file hosting sites. When a user clicks on a download link from a suspicious source, it reaches the system.

Once inside the computer, the virus checks the language configured on the device. Interestingly, if it detects that you are from Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the malware leaves the device and does not harm it.

If any other language is configured, the virus goes directly to the files where sensitive information is located, such as wallet addresses and private keys, which are essential for full management and control of cryptocurrencies. Once it gets what it wants, the virus leaves the computer and removes all traces indicating that it has compromised the computer's security.

[Image: The malware is being made available on forums within the dark web. Source: 3xp0rt.]

According to information posted about the virus on dark web forums, the malware weighs only 95 kb, encrypts the strings used by the currency, collects all logs in memory and maintains a secure SSL connection with the command server. The virus collects cryptocurrency, cookies, autofill, browsing history and file download failures.

Is there a way to take care of yourself?

Since viruses are notorious for being transmitted from the Internet to computers, experts urge users to be careful about where they click, as they risk letting this malware through.

According to CoinDesk The Hash staff and Compass Mining content director Will Foxley, the virus is a "very good opportunity" to learn how to protect private keys, especially on platforms like MetaMask, which have a large number of users.

“It’s very easy to take these keys and steal your tokens. That’s all there is to it. There are tons of people who continue to have their seeds, and they get stolen over and over again. The reason is simple: they share it with others when they shouldn’t. This is the first rule in cryptocurrency. Don’t share your private keys. Not even your mom. Don’t share it with your dad, it’s okay. Don’t share it. Take it to the grave.”

Will Foxley, Director of Content, Compass Mining.

For Foxley, the importance of all this is to "teach people the basics of how to protect their wallets". For this reason, he promotes the use of cold wallets or hardware wallets, as extensions are "easy to steal".

He agreed with the program's host, Naomi Brockwell, who stressed the need to be careful when using cryptocurrencies. "I'm completely skeptical of all browser extension wallets. There are a lot of cybersecurity experts who have studied this in depth and just say it's very insecure," he said.

A range of malware on the prowl

This new malware, which can put people's private information in the wrong hands, reminds us that by 2022, hackers could be using a whole host of viruses to affect others.

[Image: Experts discuss the best alternatives for avoiding harm from this new malware. Source: CoinDesk.]

As reported by CriptoNoticias, these viruses are designed to steal funds from regular cryptocurrency users. According to blockchain analytics firm Chainalysis, which casually highlighted that the malware was sold on the dark web.

In light of this, users are urged not to click on suspicious links and not to expose their private information. These are some of the ways in which the integrity of the currency can be safeguarded.