Hodlers beware! New malware targets MetaMask and 40 other crypto wallets

Published at: Feb. 2, 2022

Security has never been the strong suit of browser-based crypto wallets used to store Bitcoin (BTC), Ether (ETH) and other cryptocurrencies. New malware now makes online wallets even harder to keep safe by directly targeting crypto wallets that work as browser extensions, such as MetaMask, Binance Chain Wallet or Coinbase Wallet.

Named Mars Stealer by its developers, the new malware is a powerful upgrade on the information-stealing Oski trojan of 2019, according to security researcher 3xp0rt. It targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys.

MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet and TronLink are listed as the targeted wallets. The security expert notes that the malware can target extensions on Chromium-based browsers except Opera. Sadly, that means some of the most common browsers, such as Google Chrome, Microsoft Edge and Brave, are on the list. And while they are safe from extension-specific attacks, Firefox and Opera are still vulnerable to credential hijacking.


Mars Stealer can be spread through various channels like file-hosting websites, torrent clients and any other shady downloaders. After infecting a system, the first thing the malware does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software leaves the system without any malicious action.

For the rest of the world, the malware targets a file that holds sensitive information like crypto wallets' address info and private keys. Once the theft is complete, it removes itself from the system, deleting any trace of its presence.
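A defender-side sketch of how this behaviour can surface in file-access telemetry, added here as an example and not taken from 3xp0rt's analysis: it flags non-browser processes that read the storage of several Chromium extensions or a browser credential store. The event fields, the browser allowlist, the threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Chromium stores each extension's data in a folder named by its 32-letter ID.
EXT_STORE = re.compile(r"\\Local Extension Settings\\([a-p]{32})(?:\\|$)", re.I)
# Browser-owned credential stores (Chromium and Firefox profile files).
CRED_STORE = re.compile(
    r"\\(?:User Data\\[^\\]+\\(?:Network\\)?(?:Login Data|Cookies|Web Data)"
    r"|Firefox\\Profiles\\[^\\]+\\(?:logins\.json|key4\.db))$", re.I)
# Assumed allowlist; in production match on full path and code signer, not name.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}

def find_suspects(events, min_extensions=2):
    """Map each non-browser process to the browser secrets it read."""
    seen = defaultdict(lambda: {"extensions": set(), "cred_stores": set()})
    for ev in events:
        if basename(ev["image"]).lower() in BROWSERS:
            continue  # browsers legitimately read their own profile
        ext = EXT_STORE.search(ev["target"])
        if ext:
            seen[ev["image"]]["extensions"].add(ext.group(1).lower())
        elif CRED_STORE.search(ev["target"]):
            seen[ev["image"]]["cred_stores"].add(basename(ev["target"]).lower())
    return {img: hit for img, hit in seen.items()
            if len(hit["extensions"]) >= min_extensions or hit["cred_stores"]}

# Constructed sample telemetry; extension IDs are placeholders, not real wallets.
PROFILE = r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default"
EXT_A = PROFILE + "\\Local Extension Settings\\" + "a" * 32
EXT_B = PROFILE + "\\Local Extension Settings\\" + "b" * 32
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPED = r"C:\Users\u\Downloads\setup_x64.exe"
BACKUP = r"C:\Tools\backup.exe"
SAMPLE_EVENTS = [
    {"image": CHROME, "target": EXT_A + r"\000003.log"},
    {"image": CHROME, "target": PROFILE + r"\Login Data"},
    {"image": DROPPED, "target": EXT_A + r"\000003.log"},
    {"image": DROPPED, "target": EXT_B + r"\CURRENT"},
    {"image": DROPPED, "target": PROFILE + r"\Login Data"},
    {"image": BACKUP, "target": EXT_A + r"\MANIFEST-000001"},
]

if __name__ == "__main__":
    for image, hit in find_suspects(SAMPLE_EVENTS).items():
        print(image, sorted(hit["extensions"]), sorted(hit["cred_stores"]))
```

The multi-extension threshold reflects the fact that a stealer sweeps many wallets at once, whereas a backup or sync tool usually touches one; lowering `min_extensions` to 1 trades more noise for earlier detection.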

Hackers are currently selling Mars Stealer for $140 on dark web forums, meaning the barrier to entry for malicious actors is relatively low. Users who hold their crypto assets in browser-based wallets or use browser extensions like Authy for 2FA are warned to be wary of dubious links and downloads.
