
A new type of malware has appeared that is able to extract private keys from a multitude of wallet browser extensions.

Chromium browsers most at risk

According to security researcher 3xp0rt (https://3xp0rt.com/posts/mars-stealer), Mars Stealer is an improved version of the Oski trojan, which first appeared in 2019. The malware mainly targets Chromium-based browsers, such as Google Chrome, Microsoft Edge, and Brave.

Once its payload executes, Mars Stealer attempts to extract private keys from popular browser extension wallets, including MetaMask, Binance Chain Wallet, TronLink, and Coinbase Wallet. Additionally, some 2FA applications are at risk of getting their credentials stolen. Following the attack, the malware removes itself from the victim’s computer without leaving a trace behind.

Russian hackers are the most likely source

There are several hints that Mars Stealer originates from Russia. Before executing its payload, the malware checks whether the victim’s language ID matches that of Russia, Belarus, Kazakhstan, Azerbaijan, or Uzbekistan, and terminates if a match is found. This is because Russia generally prosecutes only cybercrimes committed against Russian citizens, not cybercrimes originating in Russia that target other nationalities.

Also, the developers of Mars Stealer advertise the trojan, which can be bought for 140 USD, in Russian on a dark web forum. Last month, Chainalysis warned that hackers are using mass-copied malware types such as cryptojackers to extort money from their victims.

By Treadstone 71
