Highlander •
Stop Getting Wrecked, Ditch browser extensions and software wallets
Loading content...
Highlander •
Why do people keep giving their money to the baddies?
Imagine waking up one day to find that your hard-earned cryptocurrency has vanished without a trace. The funds you meticulously saved, invested, and hoped would secure your financial future are gone, siphoned off by some faceless hacker hiding in the shadows of the internet. This is not a nightmare; it’s the grim reality that thousands of crypto users face every day because they trust their digital assets to software wallets and browser extensions.
The truth is, relying on browser-based wallets like MetaMask or even mobile wallets on iOS and Android is like leaving your car keys in the ignition with the doors wide open in a sketchy neighborhood. You’re practically inviting disaster. But why do people keep making this fatal mistake?
Every year, billions are lost to hacks and exploits, and many of these losses are directly related to the ease and prevalence of malware and phishing tools targeting software wallet users. The convenience of software wallets comes at a steep price, as they are prime targets for cybercriminals looking to capitalize on their vulnerabilities.
“but how can some on get my keys when they are stored in a browser exension like MetaMask?”
If you’ve been around the crypto space for a while, you might remember the Oski Trojan from 2019. This nasty piece of malware wreaked havoc on browser-based wallets, causing countless crypto users to lose their funds. Fast forward to today, and the Oski Trojan has made a terrifying comeback, rebranded and upgraded as Mars Stealer.
Mars Stealer is the latest cyber threat you need to know about. This malware is more dangerous than its predecessor and is tailor-made to target over 40 different browser-based wallets and extensions, including MetaMask, Binance Chain Wallet, and Coinbase Wallet. Even if you’ve been diligent and use two-factor authentication (2FA), Mars Stealer can still find its way past these defenses.
Mars Stealer is highly efficient and scarily affordable. Any hacker with just $200 can purchase this malware on the Dark Web, ready to be unleashed on unsuspecting crypto users. Once in the hands of a cybercriminal, it’s simply a matter of tricking you into downloading it.
The most chilling aspect of Mars Stealer is its ability to go undetected. It can infiltrate your browser through seemingly harmless activities: downloading files from torrent sites, clicking on a phishing email, or even just visiting a compromised website. Once it’s on your system, it collects everything it needs—your wallet addresses, private keys, and more—before uninstalling itself without a trace. By the time you realize what’s happened, it’s too late.
Despite the convenience of browser-based wallets, they are inherently vulnerable. Mars Stealer is just one example of how hackers exploit these weaknesses, but the reality is that any software wallet is susceptible to similar attacks. Malicious extensions, phishing interfaces, and API manipulation are just some of the attack vectors that can be used to compromise your funds.
Let’s break it down further. Here’s a list of just some of the browsers, crypto wallets, and 2FA plugins that Mars Stealer can target:
If your setup involves any of these, you’re playing with fire.
In June 2023, Atomic Wallet users learned this lesson the hard way. Hackers breached the popular non-custodial wallet, stealing over $100 million worth of cryptocurrencies. The attack affected thousands of accounts, proving that even so-called secure wallets are not immune to catastrophic breaches.
This wasn’t just a random attack; it was a carefully orchestrated operation that exploited weaknesses in Atomic Wallet’s code. Some theories suggest that the hackers used a malicious SDK or exploited a flaw in the encryption algorithm. Whatever the method, the result was devastating.
So, how can you protect yourself from becoming the next victim? The answer is simple: ditch your software wallets and switch to a hardware wallet like KeepKey. Unlike software wallets, which are always online and therefore always vulnerable, hardware wallets store your private keys offline. This makes them immune to the kinds of attacks that software wallets fall prey to.
With a hardware wallet, even if your computer is infected with malware, your private keys remain safe. Hardware wallets don’t just add an extra layer of security; they fundamentally change the game. They are the only truly secure way to store your cryptocurrency.
The cryptocurrency space is still like the Wild West, full of risks and dangers. But you don’t have to be the next victim. Stop getting wrecked by trusting your funds to vulnerable software wallets and browser extensions. Make the smart choice and switch to a hardware wallet like KeepKey. Your financial future may depend on it.
Buy a KeepKey today.
KeepKey
KeepKey - The premier hardware wallet to help protect your cryptocurrencies and safeguard your assets from hackers.
keepkey.com
Use code #selfcustody to save
If you keep crypto in a digital wallet—watch out. An old crypto hack is making the rounds again under a new name and with a few new tricks. If you’ve been investing in crypto for a while, you may be familiar with the Oski Trojan from 2019. This trojan attacked browser-based wallets, stealing crypto when successful and causing a cryptocurrency crash for many.
The new and improved, upgraded version, known as Mars Stealer, aims to do the same thing and is even more adept at doing so than its predecessor. Currently, it is known to successfully navigate past the security features in more than 40 different browser-based plug-ins and wallets, even when two-factor authentication (2FA) is used. 2FA is usually an exceptionally strong deterrent to hackers, so this makes Mars Stealer a particularly dangerous cyberthreat.
Browser-based wallets are, unfortunately, not known for exceptional security features. Cybercriminals and hackers try many tactics to infiltrate digital wallets and steal your crypto, with varying degrees of success. Quite often, so long as you follow additional cybersecurity protocols, you can keep most cyberattacks at bay and keep your crypto safe. But not so with Mars Stealer, a highly efficient piece of malware that anyone can purchase on the Dark Web for less than $200.
Once purchased by a hacker, it is simply a matter of placing it somewhere where a cryptocurrency holder is likely to download it accidentally. Or the hacker can send it via email, using phishing attacks to trick the recipient into clicking on a link that will secretly download it. Even visiting a web page containing Mars Stealer code can be dangerous, as the malware is designed to attack actual browser extensions.
Mars Stealer will primarily infect users’ browsers and systems via free file-hosting websites, downloads from torrent clients and peer-to-peer sharing networks, and other third-party sites containing downloads. Like most malware and trojans, Mars Stealer is typically disguised as another piece of software that users are likely to download.
When Mars Stealer is downloaded, it quickly runs a script to determine the language setting on your device. The malware will actually avoid infecting any users determined to be from the Commonwealth of Independent States—Kazakhstan, Russia, Uzbekistan, Belarus, and Azerbaijan—and subsequently, uninstall itself.
Otherwise, Mars Stealer can cause a host of problems for an infected individual. The malware, using special techniques, will collect memory data from crypto browser wallet extensions, browser extensions, plug-ins, and even 2FA extensions, allowing it to bypass the security functions and infiltrate crypto wallets. Information stolen could include wallet addresses, private security keys, and more. Once it obtains this information, it uninstalls itself, leaving no traces. However, the hacker now has everything they need to empty your crypto wallet without you even noticing until you check it.
The problems resulting from a Mars Stealer infection include financial loss, a loss of privacy, and possibly identity theft.
The list of targeted extensions, plug-ins, and browser wallets is quite long and possibly still growing. If your browser contains any of these extensions, wallets, and plug-ins, you’ll need to take measures to protect yourself from a cryptocurrency crash.
Browser extensions:
Internet Explorer, Microsoft Edge, Kometa, Amigo, Torch, Orbitium, Comodo Dragon, Nichrome, Maxxthon5, Maxxthon6, Sputnik Browser, Epic Privacy Browser, Vivaldi, CocCoc, Uran Browser, QIP Surf, Cent Browser, Elements Browser, TorBro Browser, CryptoTab Browser, Brave, Opera Stable, Opera GX, Opera Neon, Firefox, SlimBrowser, PaleMoon, Waterfox, CyberFox, BlackHawk, IceCat, K-Meleon, Thunderbird
Crypto extensions:
TronLink, MetaMask, Binance Chain Wallet, Yoroi, Nifty Wallet, Math Wallet, Coinbase Wallet, Guarda, EQUAL Wallet, Jaox Liberty, BitAppWllet, iWallet, Wombat, MEW CX, Guild Wallet, Saturn Wallet, Ronin Wallet, Neoline, Clover Wallet, Liquality Wallet, Terra Station, Keplr, Sollet, Auro Wallet, Polymesh Wallet, ICONex, Nabox Wallet, KHC, Temple, TezBox Cyano Wallet, Byone, OneKey, Leaf Wallet, DAppPlay, BitClip, Steem Keychain, Nash Extension
Crypto wallets:
Bitcoin Core, Ethereum, Electrum, Electrum LTC, Exodus, Electron Cash, MultiDoge, JAXX, Atomic, Binance, Coinomi
2FA plug-ins:
Authenticator, Authy, EOS Authenticator, GAuth Authenticator, Trezor Password Manager
Despite the fact that Mars Stealer can bypass many security features, there are still things you can do to protect yourself and your crypto from this malware. For starters, try to be as vigilant as possible when clicking on links or downloading files. Consider all links or downloads in emails as a potential threat if you aren’t 100% sure of the source. Phishing emails, in particular, have gotten incredibly sophisticated, so check twice to ensure any email is from a trusted source. Check link extensions as well. For example, a .exe extension is not the standard extension for a movie or music file.
Try to avoid using torrent websites and file sharing sites as well, since these are a prime means of distributing the Mars Stealer trojan. If you must download files from third-party sites, try to do so on a separate device from the device where your crypto browser wallets are installed.
Recommended products
Kaspersky can protect you from all major threats, including malware, spyware, and trojans. The Total Security suite provides bank-grade protection, significantly reducing the risk of your crypto browser wallets being infiltrated by hackers. Learn more about how Kaspersky can help you stay five steps ahead of cybercriminals and keep your data and finances safe.
Browser-based cryptocurrency wallets like MetaMask are inherently vulnerable to certain security risks due to their integration with web browsers:
To protect against these threats:
Malicious extensions can compromise MetaMask and other wallets through various methods:
A notable example of malware targeting browser-based crypto wallets is the Mars Stealer:
Several theories have been proposed regarding how the hack occurred:
In June 2023, Atomic Wallet, a popular non-custodial cryptocurrency wallet, suffered a major security breach: