New Virus Attacks Crypto Wallets of MetaMask Users

New malware has appeared on the network that hunts for crypto assets in online wallets of MetaMask, Coinbase Wallet and other companies.

As reported by Cointelegraph, the new software compromises the security of cryptocurrency wallets that operate as browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet.

A report by security researcher 3xp0rt says that the new malware called Mars Stealer is an updated version of the information-stealing Oski trojan released in 2019.

The new version of the Trojan targets more than 40 types of browser-based crypto wallets and popular two-factor authentication (2FA) extensions. Using the grabber function, the software steals users’ private keys.

The risk group also includes crypto wallets Nifty Wallet, MEW CX, Ronin Wallet and TronLink. And the most vulnerable Chromium-based browsers like Google Chrome, Microsoft Edge and Brave. But Firefox and Opera browsers are also vulnerable, but slightly less than others.

The main channels for the spread of the virus are file hosting, torrent clients and any other suspicious downloaders. After infecting the system, the virus first checks the language of the device.

Interestingly, if the language matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus, or Russia, the program leaves the system without any malicious action.

For the rest of the world, the malware targets a file that contains sensitive information such as crypto wallet address information and private keys. It then leaves the system, removing any presence once the theft is complete.

Post a Comment