The security of crypto wallets has always been a subject of concern, and browser-based wallets, including those for BTC and ETH, are no exception.
The appearance of new malware makes securing crypto wallets even harder. The recent attack targets wallets that run as browser extensions; among the named targets are MetaMask, Binance Wallet and Coinbase Wallet.
The new malware, which its developers call 'Mars Stealer', is a considerably more capable successor to the Oski trojan first detected in 2019. It can target most of the browser-based crypto wallets currently available, as well as the browser extensions used for two-factor authentication, and it steals wallet data including the user's private keys.
More than 40 popular wallets have been listed as potential targets. Among Chromium-based browsers, only Opera is excluded from the extension-targeting routine, which leaves almost every other popular Chromium browser exposed. Even Opera is spared only the extension-specific attack; its stored credentials can still be stolen.
Once it has infected a system, the malware first checks the device language. If the detected language ID matches that of Russia or another former Soviet state (Azerbaijan, Uzbekistan, Kazakhstan and so on), it performs no malicious action at all. It mostly reaches systems through unauthorized and untrustworthy downloaders.
Elsewhere, the malware goes after files holding sensitive information and steals data such as wallet addresses and private keys. When it has finished, it exits the system, erasing all traces of its presence before it leaves.
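A practical first step for a defender is to know which wallet and 2FA extensions are installed in a Chromium profile and how much locally persisted state each one holds, since that on-disk state is what an extension-targeting stealer copies. The script below is an added example, not code from the article or from any wallet vendor. It assumes the standard Chromium profile layout (`<profile>/Extensions/<id>/<version>/manifest.json` for the installed package and `<profile>/Local Extension Settings/<id>/` for the store behind `chrome.storage.local`), and the extension IDs in `WATCHLIST` are placeholders to be replaced with the IDs of the extensions you actually use.

```python
"""Inventory installed Chromium extensions and the local state they persist.

Added example (not from the article). Assumptions, to verify locally:
  - Extensions live at <profile>/Extensions/<id>/<version>/manifest.json
  - chrome.storage.local data lives at <profile>/Local Extension Settings/<id>/
  - WATCHLIST IDs are placeholders, not real extension IDs.
"""
import json
import re
import sys
from pathlib import Path
from typing import Dict, List, Optional

# Placeholder IDs: replace with the wallet / 2FA extension IDs you rely on.
WATCHLIST = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": "example wallet (placeholder ID)",
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": "example 2FA extension (placeholder ID)",
}

# Chromium extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(r"[a-p]{32}")


def _version_key(p: Path):
    """Sort key for version directories such as '10.34.1_0' (numeric, not lexical)."""
    base = p.name.split("_")[0]
    return tuple(int(x) if x.isdigit() else 0 for x in base.split("."))


def _latest_version_dir(ext_root: Path) -> Optional[Path]:
    versions = [p for p in ext_root.iterdir() if p.is_dir()]
    return max(versions, key=_version_key) if versions else None


def _resolve_name(ext_dir: Path, manifest: dict) -> str:
    """Expand a localized '__MSG_key__' name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2]
    lang = manifest.get("default_locale", "en")
    msg_file = ext_dir / "_locales" / lang / "messages.json"
    try:
        return json.loads(msg_file.read_text(encoding="utf-8"))[key]["message"]
    except (OSError, ValueError, KeyError, TypeError):
        return name  # leave unresolved rather than guess


def _dir_size(d: Path) -> int:
    if not d.is_dir():
        return 0
    return sum(f.stat().st_size for f in d.rglob("*") if f.is_file())


def inventory(profile) -> List[Dict]:
    """Return one record per installed extension, flagging watchlisted IDs
    and reporting how many bytes of chrome.storage.local state they hold."""
    profile = Path(profile)
    ext_root = profile / "Extensions"
    settings_root = profile / "Local Extension Settings"
    rows: List[Dict] = []
    if not ext_root.is_dir():
        return rows
    for ext_dir in sorted(ext_root.iterdir()):
        ext_id = ext_dir.name
        if not ext_dir.is_dir() or not EXT_ID.fullmatch(ext_id):
            continue  # skips helper folders such as 'Temp'
        ver_dir = _latest_version_dir(ext_dir)
        if ver_dir is None:
            continue
        try:
            manifest = json.loads((ver_dir / "manifest.json").read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        rows.append({
            "id": ext_id,
            "name": _resolve_name(ver_dir, manifest),
            "version": manifest.get("version", ver_dir.name),
            "watchlisted": WATCHLIST.get(ext_id),
            "local_state_bytes": _dir_size(settings_root / ext_id),
        })
    return rows


if __name__ == "__main__":
    # Usage: python inventory.py "<path to Chromium profile directory>"
    for row in inventory(sys.argv[1]):
        flag = " [WATCHLIST: %s]" % row["watchlisted"] if row["watchlisted"] else ""
        print("%s %s %s  state=%d bytes%s" % (
            row["id"], row["name"], row["version"], row["local_state_bytes"], flag))
```

Extensions that show a non-zero `local_state_bytes` are the ones whose data would be carried off by a stealer that copies `Local Extension Settings`; a wallet on the watchlist with a large local store is where a strong vault password, and a hardware wallet for anything of value, matter most.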
Holders of browser-based wallets would do well to stay away from unknown links and unreliable download sites. The malware is being sold for as little as $140 on the dark web.