Hodler’s Alert! New malware attacks MetaMask and 40 other cryptocurrency wallets

Security has never been the strong point of browser-based wallets for storing bitcoin (BTC), ether (ETH), and other cryptocurrencies. However, a new malware further complicates the security of online wallets by directly targeting cryptocurrency wallets that work as browser extensions, such as MetaMask, Binance Chain Wallet or Coinbase Wallet.

According to security researcher 3xp0rt, the new malware, dubbed Mars Stealer by its developers, is a powerful 2019 update of the information-stealing Oski Trojan. It targets more than 40 browser-based cryptocurrency wallets, along with popular two-factor authentication (2FA) extensions, with a grab feature that steals users’ private keys.

MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet and TronLink are some of the wallets being targeted. The security expert points out that the malware can attack extensions on Chromium-based browsers other than Opera. Unfortunately, this means that some of the most popular browsers, like Google Chrome, Microsoft Edge, and Brave, have made it onto the list. Additionally, while safe from extension-specific attacks, Firefox and Opera are also vulnerable to credential hijacking.

Mars Stealer can be distributed through various channels such as file hosting websites, torrent clients and other suspicious downloaders. After infecting a system, the malware first checks the device’s language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software exits the system without performing any malicious actions.

For the rest of the world, the malware targets a file that contains sensitive information, such as cryptocurrency wallet address information and private keys. After that, it exits the system and erases any trace of its presence once the heist is complete.

Hackers are currently selling Mars Stealer for $140 on dark web forums, which means the Trojan’s barrier to entry for malicious actors is relatively low. Users who store their crypto assets in browser-based wallets or use browser extensions such as Authy for 2FA are cautioned not to click on suspicious links or downloads.
