Some of the most widely used browser extension wallets are under serious threat as a new malware targets the market.
According to a recent security research from 3xp0rt, the malware named Mars Stealer by its developer is attacking 40 browse let extension digital asset wallets. The list includes some of the most famous ones like Coinbase Wallet, MetaMask and Binance Chain Wallet. Malware Mars Stealer has come into being through a strong upgradation of Oski Trojan, a 2019 information-stealing malware. It is not only capable of attacking extension browser wallets, but it could also steal crypto from two-factor (2F) authentication extensions, through acquiring users’ private keys using a grabber function.
The List of targeted wallets includes TronLink, Binance Chain Wallet, MetaMask, Coinbase Wallet, Nifty Wallet, Ronin Wallet, and MEW CX. Researchers noted that Microsoft Edge, Google Chrome and Brave browser extensions could be attacked as the Malware could exploit almost all the chromium browsers except Firefox and Opera. Which, alarmingly, are also vulnerable to credential-hijacking.
Mars Stealer could infect the system through multiple channels i.e. shady downloaders, torrent clients, and file-hosting websites. Right after perpetrating the system the first thing malware does is it checks the system language. If the language ID is of Russia, Azerbaijan, Uzbekistan, Kazakhstan, and Belarus, the malware does not do anything further and leaves the system. Otherwise the malware targets a file that holds sensitive information such as crypto wallets’ address info and private keys and leaves the system after removing all traces of its presence. Ridiculously, the Mars Stealer malware is available for purchase for only $140 on the dark web.
Moreover, as a virtue of the rise in DeFi (decentralised finance), the thef in crypto market has been increased lately. In 2921 only the hackers stole approximately $14 billion from the market. Which represents an over 500% increase over the previous year.
Credit: Source link