urlscan.io logo urlscan.io
SecurityTrails logo

cointelegraph.com Open in urlscan Pro
2606:4700:10::ac43:1240  Public Scan

Back to summary
URL: https://cointelegraph.com/news/hodlers-beware-new-malware-targets-metamask-and-40-other-crypto-wallets
Submission: On February 02 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

<form class="article-subscription-widget-form">
  <div class="article-subscription-widget-form__delivery"> DELIVERED EVERY FRIDAY </div>
  <div class="article-subscription-widget-form__title">Subscribe to the Finance Re<span>defi</span>ned newsletter</div>
  <div class="article-subscription-widget-form__input-wrap"><input id="input" type="text" class="article-subscription-widget-form__input"><label for="input" class="article-subscription-widget-form__input-label">Email Address</label><!----></div>
  <div class="article-subscription-widget-form__btn-wrap"><button type="submit" class="article-subscription-widget-form__btn"> Subscribe </button></div>
  <div class="article-subscription-widget-form__tos">By subscribing, you agree to our <a target="_blank" href="/terms-and-privacy">Terms of Services and Privacy Policy</a></div>
</form>

<form autocomplete="off" class="container header-mobile-search-form" data-v-80ed841c=""><button type="submit" class="btn header-mobile-search-form__btn" data-v-80ed841c=""><span class="btn__wrp" data-v-80ed841c=""><span
        class="btn header-mobile-search-form__magnifier-icon" data-v-80ed841c=""></span></span></button><label class="header-mobile-search-form__label" data-v-80ed841c=""><input placeholder="Search" type="text" name="query" autocomplete="off"
      autofocus="autofocus" value="" class="input header-mobile-search-form__input" data-v-80ed841c=""></label><button class="btn header-mobile-search-form__btn" data-v-80ed841c=""><span class="btn__wrp" data-v-80ed841c=""><span
        class="btn header-mobile-search-form__cross-icon" data-v-80ed841c=""></span></span></button></form>

Text Content

Unsere Website auf Deutsch

Möchten Sie die deutsche Version des Cointelegraph besuchen?

Nein Ja
X
 * BTC $38,519 +0.13%
 * ETH $2,765 +0.05%
 * BNB $383 -0.12%
 * SOL $110 +3.51%
 * XRP $0.63 +0.68%
 * DOGE $0.14 +1.33%

 * English
   
   Unsere Website auf Deutsch
   
   Möchten Sie die deutsche Version des Cointelegraph besuchen?
   
   Nein Ja
 * Advertise
 * Careers

 * News
    * Bitcoin
    * Ethereum
    * Altcoins
   
    * Blockchain
    * Business
    * Policy & Regulations
   
    * NFTs
    * DeFi
    * Adoption

 * Markets
    * Market News
    * Price Indexes
    * Market Analysis
   
    * Heatmap
    * Top 10 Cryptocurrencies

 * Magazine
 * People
    * Top 100 2021
    * Top 100 2020
    * Opinion
   
    * Expert Take
    * Interview

 * Cryptopedia
    * Explained
    * How to Crypto
    * Bitcoin101
   
    * Ethereum101
    * Dogecoin101
    * Altcoin101
   
    * DeFi101
    * Trading101
    * NFT101
   
    * Blockchain101
    * Funding101
    * Regulation101

 * CT Store
 * Consulting
    * Consulting Services
    * Technology Providers
    * Industry Reports

 * Video
 * Markets Pro



Erhan Kahraman
1 hour ago


HODLERS BEWARE! NEW MALWARE TARGETS METAMASK AND 40 OTHER CRYPTO WALLETS

Users have been warned against a new malware designed to steal crypto from
browser extension wallets such as MetaMask and Coinbase Wallet.

2280 Total views
26 Total shares
Listen to article
2:13

News
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 

Security was never the strong suit of browser-based crypto wallets to store
Bitcoin (BTC), Ether (ETH) and other cryptocurrencies. However, new malware
makes the safety of online wallets even more complicated by directly targeting
crypto wallets that work as browser extensions such as MetaMask, Binance Chain
Wallet or Coinbase Wallet.

Named Mars Stealer by its developers, the new malware is a powerful upgrade on
the information-stealing Oski trojan of 2019, according to security researcher
3xp0rt. It targets more than 40 browser-based crypto wallets, along with popular
two-factor authentication (2FA) extensions, with a grabber function that steals
users’ private keys.

MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain
Wallet and TronLink are listed as some of the targeted wallets. The security
expert notes that the malware can target extensions on Chromium-based browsers
except Opera. Sadly, it means some of the most common browsers such as Google
Chrome, Microsoft Edge and Brave made it to the list. Also, while they are safe
from extension-specific attacks, Firefox and Opera are also vulnerable to
credential-hijacking.

Related: 'Less sophisticated' malware is stealing millions: Chainalysis

Mars Stealer can be spread through various channels such as file-hosting
websites, torrent clients and any other shady downloaders. After infecting a
system, the first thing the malware does is check the device language. If it
matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or
Russia, the software leaves the system without any malicious action.

For the rest of the world, the malware targets a file that holds sensitive
information such as crypto wallets’ address info and private keys. It then
leaves the system by deleting any presence once the theft is complete.

Hackers are currently selling Mars Stealer for $140 on dark web forums, meaning
the barrier to access the trojan is relatively low for malicious actors. Users
who hold their crypto assets on browser-based wallets or use browser extensions
like Authy to utilize 2FA are warned to be cautious against clicking dubious
links or downloads.

DELIVERED EVERY FRIDAY
Subscribe to the Finance Redefined newsletter
Email Address
Subscribe
By subscribing, you agree to our Terms of Services and Privacy Policy


 * #Bitcoin Wallet
 * #Wallet
 * #Ethereum
 * #Malware
 * #Hackers
 * #Firefox
 * #Cybersecurity
 * #Google Chrome
 * #DeFi


Related News
 * Blockchain to Disrupt Music Industry and Make It Change Tune
 * Crypto-focused shopping site rolls out 'buy now, pay later' feature
 * Blockchain-based decentralized messengers: A privacy pipedream?
 * OpenSea acquires Dharma Labs and a new CTO
 * Crypto.com breach may be worth up to $33M, suggests onchain analyst
 * Multichain under fire from users as hacking losses grow to $3M


Load more articles
Editor’s Choice
 * US bobsledder feels the Bitcoin rhythm and orange pills his fans
 * Hodlers beware! New malware targets MetaMask and 40 other crypto wallets
 * BTC price faces crucial trend battle as Bitcoin RSI confirms breakout
 * Diem stablecoin co-founder praises Bitcoin for censorship resistance
 * Colombia clamps down on crypto tax evasion as adoption thrives

Cointelegraph YouTube Subscribe

Advertise with us
Robust liquidity on HitBTC

Note that all trading strategies are to be used at your own risk. Before
trading, we recommend to make sure that you have a clear understanding of
cryptocurrencies and how they are traded.

fast exchange on Changelly

This is to note that you should realize all crypto trading risks. Please make
sure that you understand how crypto exchange service works.

Exchange Crypto at True Cost

Note that all trading strategies are to be used at your own risk. Before
trading, we recommend to make sure that you have a clear understanding of
cryptocurrencies and how they are traded.



Cointelegraph.com uses Cookies to ensure the best experience for you.

Accept