Malware revealed that can ‘steal’ cryptocurrency from MetaMask wallets; anyone who wants to use it only needs to spend 3.2 million VND

Tram Ho

Unlike cold wallets, browser-based crypto wallets for storing Bitcoin (BTC), Ether (ETH) and other cryptocurrencies have never had security as a strong point.

Notably, the appearance of the following malware is making the security of cryptocurrency wallets that work as popular browser extensions, such as MetaMask, Binance Chain Wallet or Coinbase Wallet, more and more ‘fragile’.

Dubbed Mars Stealer by the developers, the malware is a powerful upgrade of the Oski trojan, which was used to steal user information in 2019, according to security researcher 3xp0rt.

Malware revealed that can 'steal' the private key of MetaMask wallets, sold on the darkweb for only 3.2 million VND - Photo 1.

Accordingly, Mars Stealer is able to steal a user’s private key. Notably, up to 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, have been targeted by Mars Stealer, including names like MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet and TronLink.

According to security experts, the aforementioned malware can target extensions on Chromium-based browsers (except Opera). This means that some of the most popular browsers, like Google Chrome, Microsoft Edge, and Brave, have made the list. Additionally, while safe from extension-specific attacks, Firefox and Opera are also vulnerable to credential hijacking.

According to CoinTelegraph, Mars Stealer can be distributed through various channels such as data sharing websites, torrent sites or any other shady downloader.

A very surprising point is that, after successfully infiltrating the system, the first thing Mars Stealer does is check the language of the device. If it matches the language IDs of countries such as Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software leaves the system without taking any malicious action.

For the rest of the world, Mars Stealer targets a file containing sensitive information such as address information and the private key of a cryptocurrency wallet. It then leaves the system, removing any trace of its presence once the theft is complete. Hackers are currently selling Mars Stealer extremely cheaply, for only 140 USD on darkweb forums. This means that anyone with bad intentions can access and use this malware.

Users who hold their crypto assets in a browser-based wallet, or who use a browser extension like Authy for two-factor authentication (2FA), are warned to exercise caution when downloading or clicking on suspicious links.

Reference: Cointelegraph


Source : Genk