JAKARTA – Crypto wallets used to store Bitcoin, Ethereum, and various other cryptocurrencies do not automatically come with stronger security. A new piece of malware said to target browser-extension-based crypto wallets now threatens holders who store crypto in digital wallets such as Coinbase Wallet, MetaMask, Binance Chain Wallet, and so on.

As reported by Cointelegraph, the malware was named Mars Stealer by its developers. According to security researcher 3xp0rt, the new malware is a strong improvement on Oski, an information-stealing trojan from 2019. It targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, using a grabber function that steals users' private keys.

The Mars Stealer malware reportedly targeted various crypto wallets including MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet, and TronLink. Security experts note that the malware can target extensions on Chromium-based browsers except Opera.

Unfortunately, that means some of the most common browsers, like Google Chrome, Microsoft Edge, and Brave, made it onto the list. And while Firefox and Opera are safe from the extension-specific attacks, they are still vulnerable to credential hijacking.

Mars Stealer can be distributed through various channels such as file hosting websites, torrent clients, and other illegal downloaders. After infecting the system, the first thing the malware does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus, or Russia, the software will leave the system without any malicious action.

Everywhere else, the malware targets files that hold sensitive information such as crypto wallet address info and private keys. It then leaves the system, removing any trace of its presence once the theft is complete.

Hackers are currently selling Mars Stealer for $140 on dark web forums, which means the barrier to accessing the trojan is relatively low for bad actors. Users who store their crypto assets in browser-based wallets, or who use browser extensions such as Authy for 2FA, are warned to be careful not to click on suspicious links or downloads.

