New Crypto Malware Targets Browser Wallet Extensions

New malware that can corrupt crypto wallets and extensions has been discovered, putting investors at risk of being hacked.

A type of malware known as Mars Stealer — an upgraded version of information bootlegger Oski Stealer – has surfaced to prey on web browsers, crypto extensions, and crypto wallets, according to a new blog post by network security specialist 3xp0rt.

Internet Explorer, Firefox, Microsoft Edge, and Thunderbird are some of the most common online browsers that are affected by the infection.

It also targets wallets like Bitcoin Core and its derivatives, as well as crypto extensions like MetaMask, TronLink, Binance Chain Wallet, and Coinbase Wallet. MultiDoge and Ethereum wallets might also be harmed in the future.

The virus, according to 3xp0rt, only targets crypto extensions on browsers that use Chromium instead of Opera.

Mars Stealer, according to the cybersecurity expert, works by gaining access to a computer’s internal library files and performing a sophisticated sequence of technical code reconfigurations to carry out its tasks.

According to 3xp0rt:

Mars Stealer is an improved version of Oski Stealer. [It] has added [functionality]: anti-debug check, crypto extension stealing, but Outlook stealing is missing. The code has been refactored, but some algorithm remained stupid as in Oski Stealer.

The virus targets sensitive data saved in the wallet.dat file to steal a user’s wallet information. According to the internet security expert, the file contains information such as the address and private key access data. A grabber, loader, and self-removal function are also included in the virus.