Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/powerful-new-oski-variant-mars-stealer-grabbing-2fas-and-crypto/
A new and powerful malware named ‘Mars Stealer’ has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020.
Mars Stealer is an information-stealing malware that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.

Additionally, the malware can exfiltrate files from the infected system and relies on its own loader and wiper, which minimizes the infection footprint.

From Oski to Mars Stealer​

In July 2020, the developers behind the Oski information-stealing trojan suddenly shut down their operation after no longer responding to buyers and the closing of their Telegram channel.
Fast forward almost a year later, and a new information-stealing malware called 'Mars Stealer' began to be promoted on Russian-speaking hacking forums.
... ...
Click to expand...
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, upnorth, HarborFront and 1 other person
enaph

enaph

Level 28
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,789
Users are warned against a new malware designed to steal crypto from browser extension wallets like MetaMask and Coinbase Wallet.

Security was never the strong suit of browser-based crypto wallets to store Bitcoin (BTC), Ether (ETH) and other cryptocurrencies. However, new malware makes the safety of online wallets even more complicated by directly targeting crypto wallets that work as browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet.

Named Mars Stealer by its developers, the new malware is a powerful upgrade on the information-stealing Oski trojan of 2019, according to security researcher 3xp0rt. It targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys.

MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet and TronLink are listed as the targeted wallets. The security expert notes that the malware can target extensions on Chromium-based browsers except Opera. Sadly, it means some of the most common browsers like Google Chrome, Microsoft Edge and Brave made it to the list. Also, while they are safe from extension-specific attacks, Firefox and Opera are also vulnerable to credential-hijacking.
Click to expand...
cointelegraph.com

Hodlers beware! New malware targets MetaMask and 40 other crypto wallets

Users are warned against new malware designed to steal crypto from browser extension wallets like MetaMask and Coinbase Wallet.
cointelegraph.com cointelegraph.com
 
  • +Reputation
Reactions: upnorth
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • +Reputation
    • Wow
New Mystic Stealer malware increasingly used in attacks
Replies
12
Views
1,747
News Archive
Brahman
Brahman
vtqhtr413
    • Like
    • +Reputation
New Stealc malware emerges with a wide set of stealing capabilities
Replies
1
Views
765
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
    • Thanks
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges
Replies
0
Views
557
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top