New malware recently targeted the browser extension of the MetaMask wallet and 40 other wallets and stole their private keys. Experts advise digital currency holders to be wary of suspicious files and Internet links if they use a wallet browser extension.
Browser-based wallets have always been cited as one of the most insecure tools for storing bitcoins, atriums and digital currencies, according to the Quinn Telegraph. New malware has recently and directly targeted several wallets that have been activated in the form of web browser add-ons. Damaged wallets include Metamsk, Bainance China Walt and Kevin Bass Walt.
An unnamed security researcher named 3xp0rt said the new malware, called Mars Stealer by its developers, was an updated version of the Oski Trojan, previously used to steal information. The malware targeted more than 40 browser-based wallets, along with 2-Step Verification Code Plugins (2FA) and stole the private key for many users.
Among the damaged wallets are the names of Metamsk, Nifty Wallet, Kevin Base Walt, MEW CX, Ronin Wallet, Bainance China Walt and TronLink. The new malware could attack all Chromium-based Internet browsers, including Google Chrome, Microsoft Edge and Brave, except Opera, a security researcher said. Although Firefox and Opera are protected from add-on attacks, they are still at risk of hacking.
Mars Stiller’s new malware can be distributed through a variety of channels, such as file hosting websites, torrent clients, and other download intermediaries. Interestingly, this malware first checks the language of the device after infecting the victim’s system. If the identity of the device matches the languages of Kazakhstan, Uzbekistan, Azerbaijan, Belarus and Russia, the malware will leave the system without any malicious activity.
However, in systems around the world, malware targets precisely the file that contains sensitive information, such as digital currency wallet addresses or private keys. The malware then completes the data theft process, erases its traces and leaves the victim’s system.
Hackers are currently selling malware for $ 140 in Dark Web forums; This means that access to this Trojan horse does not cost much for cybercriminals.
Users who use portfolios based on web browsers or two-step verification plugins, such as Authy, to maintain their digital currencies are advised to watch out for links and download suspicious files.
Read also: Types of fraud with digital currency; How can we not be victims? + Video
The Browser publication for holders of browser-based portfolios; A new wallet plugin targeting malware has first appeared in Digital Currency.