Mars Stealer - dangerous malware that silently steals cryptocurrency
In early February, security researcher 3xp0rt published a detailed analysis of this malicious code. According to that analysis, Mars Stealer is an upgrade of the Oski trojan (2019) and can rob cryptocurrency stored in a user's wallet by attacking the wallet's browser extensions.
'Mars Stealer is written in ASM/C using WinApi, about 95kb in size. It uses special techniques to hide WinApi commands, encrypts strings, collects information in memory, supports a secure SSL connection with the C&C, and doesn't use CRT or STD', reads 3xp0rt's description.
Mars Stealer is a concern because it targets many popular browsers, security browsers and crypto wallets
3xp0rt notes that Mars Stealer can easily hack crypto-related extensions, including popular wallets like MetaMask, Nifty Wallet, Coinbase Wallet, Binance Chain Wallet, and TronLink. The malicious code targets extensions of Chromium-based browsers, so browsers like Google Chrome, Coc Coc or Microsoft Edge (Chromium version) are affected.
In addition, Mars Stealer can extract valuable information about the computer, such as the processor, computer name, machine ID, GUID, installed software and their versions, username and computer domain name.
As for how it works, the malware reaches wallet extensions by spreading through various sources, including file hosting sites, torrent clients, and untrusted sites. After breaking into the crypto wallet extension, the malicious code steals the private key as well as the two-factor authentication data (Google Authenticator, Authy, GAuth Authenticator or Trezor Password Manager), then deletes all traces of the theft and gets rid of the extension.
In addition, Mars Stealer has the ability to "evade" security software by hiding API calls and encrypting its strings, while the collected information is kept in memory and transmitted over SSL. This makes detecting, preventing and tracing it extremely difficult.
However, an unusual point about Mars Stealer is that the software first checks the user's country of origin. If the user's language is Russian, Kazakh, Belarusian, Azerbaijani or Uzbek, the program does not carry out any malicious behavior and simply quietly exits.
With certain regional and language configurations, the malicious code will "let go"
Up to now, there are no statistics on the number of victims of this malicious code. However, the browsers and wallets this malware targets have tens of millions of users, which raises serious security concerns.