New malware targets the MetaMask and Coinbase Wallet. Users have already been notified about this issue. This new malware, known as Mars Stealer, aims to steal cryptocurrency from browser extension wallets.
As per browser-based crypto wallets, many issues arise since they do not have regulated security. However, many people store their Bitcoin (BTC), Ethereum (ETH), and other cryptocurrencies in browser-based crypto wallets. Usually, such wallets are non-custodial. This puts the security of the funds in the hands of the people. Yet, a new strain of malware makes the security of online wallets even harder to maintain. It explicitly targets cryptocurrency wallets that function as browser extensions. Some examples would be MetaMask, Binance Chain Wallet, and Coinbase Wallet.
How Does Mars Stealer Malware Function?
According to security researcher 3xp0rt, the new virus is way stronger than the Oski trojan discovered in 2019. The malware, Mars Stealer, targets more than 40 browser-based crypto wallets. This also includes two-factor authentication (2FA) extensions. In addition, it uses a grabber function to steal users’ private keys to get access to their accounts.
Furthermore, wallets such as MetaMask, Nifty Wallet, Coinbase Wallet, Ronin Wallet, and TronLink are among the victims. According to the security expert, the virus may target extensions on all Chrome-based browsers except for Opera.
Unfortunately, popular browsers such as Google Chrome, Microsoft Edge, and Brave, have made it onto the list of blocked websites. Although they are secure when it comes to such attacks, Firefox and Opera may also be at risk.
It is concluded that all kinds of file-hosting platforms and torrent clients may spread Mars Stealer. The primary attention of malware after infecting a machine is to verify the device language. Nevertheless, there are some exceptions when this virus does not have the power to harm the system.
The malware’s objective is a file that contains sensitive information such as crypto wallet addresses and private keys. Accordingly, once the theft completes its goal, it simply deletes itself from the system. Then, the hacker can use the private keys and steal your cryptocurrencies.
Hackers now sell Mars Stealer for $140 on dark websites. This indicates that bad actors have direct access to the malware. Regarding the malware among these browsers, users should be very cautious of suspicious URLs or downloads. Because if you aren’t cautious, you might as well say goodbye to your non-fungible tokens (NFTs).