Martian Malware Invasion Robs PII, Browser Credentials, Crypto Wallets. Earthlings Beware!

Published: June 10, 2022 in our Security Fraud News & Alerts Newsletter.



Ok, Mars Stealer isn’t exactly the latest sci-fi invader, but it is a new info-stealer malware that’s been pilfering valuable personally identifiable information (PII) from its earthling victims. The latest version of this malware uses an array of sneaky tactics to achieve its goal, some of which we see every day, in abundance, such as email phishing. Victims have PII like browser credentials and crypto wallets stolen, along with credit card data and other valuable information. In the wrong hands, this theft can lead to further and more invasive attacks. Mars Stealer should concern all earthlings.


First discovered in June of 2021, Mars Stealer is an offspring of Osaki Stealer, an older version of this type of threat. Like much of the malware we see today, Mars is continually under construction by its developers, who are always looking for improvements to its capabilities. That means even though Mars exists in the form it does today, tomorrow could bring new and stealthier versions of the malware.


Data stored in browsers such as credentials, credit card numbers, cookies, and generally any other data used for autofill is what Mars Stealer is after. This type of PII is often the springboard to additional, more devastating attacks, and as such, is valuable to other cybercriminals and their nefarious plans. Cryptocurrency wallets like those from Binance, Coinbase, and Metamask are other favorite targets of Mars Stealer.



Social engineering and spam emails carrying infected links are the favored distribution channels for Mars Stealer. The malware also spreads using cloned, fraudulent websites that advertise familiar software such as OpenOffice and are promoted using Google Ads. Instead of leading to the legitimate download, the ads bring those wanting the real software to bogus, malicious websites serving Mars-infected software.


Keep Mars from Attacking You


Knowing how Mars Stealer distributes itself is also the best information for helping prevent more infections. Socially engineered emails, those that address a recipient by name, job, or special interest, are likely to get a potential victim’s attention and serve as a ruse to get them to click a Mars-infected link.


Anti-phishing tactics help users distinguish harmful emails from those that are not. Trusting your instincts goes a long way, so if an email raises even the slightest suspicion, delete it immediately. Pay attention to the sender’s email address to spot fakes. Emails with generic greetings, typos, bad grammar, and fuzzy graphics are all huge phishing red flags.


Make sure you have anti-virus installed on your mobile devices. Yes, they are more difficult to breach, but it does still happen, and attacks on these devices are likely to get more aggressive.


Also, limiting the PII you store in a browser, if any at all, is recommended. As we see with Mars Stealer, busting open browsers and stealing their data is part of the plan to steal more. Keeping your PII close to the vest and limiting its exposure is always recommended.


And there is even more to this sci-fi saga. Mars Stealer is currently available on underground forums for the low, low price of $160 for a lifetime subscription. Earthlings beware!

