Researchers found a fake website resembling Atomic Wallet, a decentralized cryptocurrency. The website was distributing a data-stealing virus called Mars Stealer. Mars Stealer has so far hacked into the systems of students, faculty, content makers, healthcare infrastructure providers in Canada and several Canadian service companies.
People were directed to this cloned website through emails, messages, links, malspam campaigns, etc. The company logo, images, layout, contact form, email address and other details were copied to make the cloned website look like the official website. It was found to cause identity theft by harvesting personally identifiable information (PII).
Mars Stealer is malware that was found in June 2021. It steals user credentials and information stored in cryptocurrency wallets from users' browsers. Once a system is infected, it gains access to various data in the user’s system. It can cause heavy damage to cryptocurrency users by stealing the crypto wallet plugin MetaMask.
Mars Stealer is designed so that it does not initially appear to infect the operating system (OS). The malware is reported to be under development. This malicious software can steal autofill data, stored passwords, download history and similar data.
Mars Stealer is known to impact various browsers like Google Chrome, Mozilla Firefox, Internet Explorer, Chromium, and Microsoft Edge, among others. It can also upload files to the victim’s system, including trojans and ransomware, creating further damage.
Mars Stealer has been found on 47 underground forums. A lifetime subscription to Mars Stealer is sold for about $160 on Dark Web forums. This has made it easier for miscreants to get hold of it. It is available to anyone without any user verification. Its design is similar to that of Oski stealer, a malicious data-breaching malware.