They didn’t always have the best security when they used browser-based crypto wallets to store Bitcoin (BTC), Ethereum (ETH), and other cryptocurrencies, but now they do.
As if that wasn’t bad enough, new malware is making the online wallets that people use even more dangerous by attacking crypto wallets that work as browser extensions, like MetaMask, Binance Chain Wallet, or Coinbase Wallet.
Named Mars Stealer by its developers, this new malware has more power than the Oski trojan of 2019, a security researcher says.
Over 40 browser-based crypto wallets and two-factor authentication extensions are targeted by this malware. It has a function that steals users’ private keys.
Nifty wallet, Coinbase wallet and MEW CX are some of the wallets that are being targeted. Ronin Wallet and Binance Chain Wallet are also on the list.
The security expert says that malware can attack extensions on Chrome-based browsers, but not Opera.
As a bad thing, it means that some of the most popular browsers like Google Chrome and Microsoft Edge made the list of bad browsers.
Also, even though Firefox and Opera are safe from extensions-based attacks, they can also be hacked.
Mars Stealer can spread through a lot of different places, like file-hosting sites, torrent clients, and other shady downloaders.
Before anything else, malware checks to see what kind of computer it is on.
If it has the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus, or Russia, the software leaves the computer without doing anything bad, and it doesn’t do anything bad.
A file that has important information about crypto wallets and private keys is the one that the malware wants. For the rest of the world, that file is important.
Once the theft is done, it leaves the system by deleting any trace of itself.
Hackers are selling Mars Stealer on dark web forums for $140, which means that malicious actors have a low barrier to getting their hands on the trojan.
Cryptocurrency users who keep their money in browser-based wallets or use browser extensions like Authy to use two-factor authentication are being told to be careful about clicking on links or downloading apps.