Mars Stealer Malware Targets Browser-Based Crypto Wallet Extensions

Malware remains one of the biggest threats to cryptocurrency users worldwide. A new strain, called Mars Stealer, aims to target popular crypto wallets like MetaMask, Coinbase Wallet, and several dozen others. As a result, users are advised to take the necessary precautions to keep their funds safe.

Mars Stealer Is Annoying Malware

The Mars Stealer malware strain is an evolution of the Oski Trojan, renowned for stealing sensitive data and other information. It is not uncommon for criminals to use existing nefarious tools and tweak the code to pose a new threat. However, this new malware is highly annoying because it primarily targets cryptocurrency wallets used as browser extensions or mobile applications. 

Targets include:

  • MetaMask
  • TronLink
  • Coinbase Wallet
  • Ronin Wallet
  • Binance Chain Wallet
  • and over 35 other tools. 

According to preliminary research, Mars Stealer is capable of targeting extensions on Chromium-based browsers. However, the Opera browser is safe from harm for now. Unfortunately, that still leaves Google Chrome, Brave, Microsoft Edge, and other browsers vulnerable to this malware. There is still the risk of credential-hijacking for Opera users – and Firefox fans – which shouldn’t be overlooked either. 

As is common with malware, Mars Stealer can find its way to your browser in many ways. Malicious file-hosting websites, torrent files, and other download-related sources are traditionally favorite delivery mechanisms for such payloads. Security researchers note the malware will not run on machines whose language ID corresponds to Kazakhstan, Azerbaijan, Belarus, Uzbekistan, or Russia.

For anyone who is interested in getting up close and personal with Mars Stealer, the software is for sale on darknet marketplaces. It has an average price of $140, which is a small price to pay for a malware strain that can potentially affect millions of users. For browser extension-based wallet users, enabling two-factor authentication is paramount. Every extra security layer needs to be explored to keep any account safe on the internet.