The virus attacks MetaMask extensions, Binance Chain Wallet, Coinbase Wallet, and more. It has been sold on dark web forums for about $140.

A new piece of malware threatens the security of desktop digital wallets. It can steal sensitive data such as private keys, extract bitcoins (BTC), and vanish, leaving no trace. The virus is Mars Stealer, an information stealer that affects more than 40 wallets.

The virus is an update of the Oski Trojan from 2019, and it attacks cryptocurrency wallets based on browser extensions.

Affected browser extensions include MetaMask, Binance Chain Wallet, Coinbase Wallet, Ronin Wallet, Saturn Wallet, and TronLink. The virus also targets Chromium-based browsers. In simpler words, most popular browsers, such as Google Chrome or Microsoft Edge, are breeding grounds for this type of malware.

The virus has been sold on the dark web for at least USD 140 and threatens wallets such as those connected to Bitcoin Core (which operates with Dogecoin, Zcash, Dash, Litecoin, and others). Ethereum wallets could also be affected, in addition to Electrum, Binance, Exodus, and many others.

How Does this New Virus Work?

As explained by 3xp0rt, Mars Stealer spreads through various channels, like torrent clients or file-hosting websites. It gains access to the system after a user downloads a file from a link of dubious origin.

Once it enters the computer, the virus checks the language set on the machine. The funny thing is that if it detects that you are from Kazakhstan, Uzbekistan, Azerbaijan, Belarus, or Russia, the malware exits and does not harm the device.

If the language is any other, the virus goes directly to the files where the sensitive information is stored, such as wallet addresses and private keys, which are essential for full management and control of cryptocurrencies. Once it gets what it wants, the virus removes itself from the computer and erases all traces showing that it breached the computer's security.

According to the listing offering the virus on a dark web forum, this malware is 95 kb in size, encrypts the strings it uses, collects all logs in memory, and maintains a secure SSL connection with the command server. The virus collects passwords, cookies, auto-fills, browsing history, and file download failure.
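One way a defender could spot the wallet-file access described above, as an added example that is not from the original article or from 3xp0rt's analysis: it flags any process outside an allowlist of browser binaries that reads a Chromium profile's Local Extension Settings directory, where extensions keep their data. The log format, paths, allowlist and EXAMPLE_EXT_ID are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Chromium-based browsers keep per-extension storage in this profile folder.
SENSITIVE_DIR = "local extension settings"
# Assumption: the only binaries expected to read that folder on this host.
ALLOWED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\microsoft\edge\application\msedge.exe",
}

# Constructed file-read audit lines: timestamp|process image|file read.
SAMPLE_LOG = r"""
2022-02-03T10:15:02Z|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\EXAMPLE_EXT_ID\000003.log
2022-02-03T10:15:40Z|C:\Users\ana\Downloads\setup_x64.exe|C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\EXAMPLE_EXT_ID\000003.log
2022-02-03T10:15:41Z|C:\Users\ana\Downloads\setup_x64.exe|C:\Users\ana\AppData\Local\Microsoft\Edge\User Data\Profile 1\Local Extension Settings\EXAMPLE_EXT_ID\CURRENT
2022-02-03T10:16:00Z|C:\Windows\System32\notepad.exe|C:\Users\ana\Documents\notes.txt
2022-02-03T10:16:05Z|C:\Users\ana\AppData\Local\Temp\chrome.exe|C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\EXAMPLE_EXT_ID\LOCK
malformed line
"""

def parse(line):
    """Split one audit line into (timestamp, image, path); None if malformed."""
    parts = line.strip().split("|")
    if len(parts) != 3:
        return None
    ts, image, path = parts
    return ts, PureWindowsPath(image), PureWindowsPath(path)

def find_suspicious_reads(log_text):
    """Map each non-allowlisted process to its reads of extension storage."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, image, path = rec
        if SENSITIVE_DIR not in [p.lower() for p in path.parts]:
            continue
        # Compare the full image path, not just the file name, so a binary
        # named chrome.exe running from a temp folder is still flagged.
        if str(image).lower() in ALLOWED_IMAGES:
            continue
        hits.setdefault(str(image), []).append((ts, str(path)))
    return hits

if __name__ == "__main__":
    for image, reads in find_suspicious_reads(SAMPLE_LOG).items():
        print(f"{image}: {len(reads)} read(s) of browser extension storage")
```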

How to Avoid an Attack from this Virus

Because exactly how the virus gets from the Internet onto a computer is still unknown, specialists urge users to be careful about where they click, since a careless click could let this malware in.

According to Will Foxley, who is on the staff of The Hash at CoinDesk and director of content at Compass Mining, this virus is a perfect opportunity to learn how to protect private keys, especially on platforms like MetaMask, which have a large number of users.

For Foxley, the importance of all this lies in teaching people the basics of how to protect wallets. For this reason, he encouraged the use of cold wallets, since an extension is very susceptible to theft. He agrees with Naomi Brockwell, who also hosted that program and said that users must be careful when using cryptocurrencies.

By: Jenson Nuñez
