Threat Watch

Mars Stealer Attacks

The Morphisec Labs team has conducted research on the new Mars infostealer. Mars is based on the older Oski Stealer and was first discovered in June 2021. The new Mars stealer is available for sale on several underground forums and is reported to be under constant development. The Mars Stealer pilfers user credentials stored in various browsers, as well as many different cryptocurrency wallets. Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens.

ANALYST NOTES

In addition to stealing passwords stored in the browser, Mars stealer also steals credentials for cryptocurrency wallets. It is recommended to store passwords in a password manager that will encrypt them, enable two-factor authentication whenever it is available, and never share passwords across logins. Passwords should be unique to each account and should be reasonably complex and random.

https://blog.morphisec.com/threat-research-mars-stealer