Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto
A new and powerful malware named 'Mars Stealer' has appeared in the wild and appears to be a redesign of the Oski malware, whose development shut down abruptly in the summer of 2020.
Mars Stealer is an information-stealing malware that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.
Mars Stealer will capture and send the following basic information to the C2: IP and country.
Mars Stealer is a lean malware of just 95 KB in size, which attempts to evade security by using routines that hide API calls and by encrypting its strings with a combination of RC4 and Base64.
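An analyst-side sketch of undoing this kind of string obfuscation, added here as an example and not taken from Mars Stealer or the original article. It assumes the layering is Base64 over RC4 ciphertext and that the key has already been recovered from the sample; the key, strings and blob below are constructed.

```python
import base64
import re

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

# Runs of Base64 alphabet characters, as they would appear in a strings dump.
B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")

def recover_strings(blob: bytes, key: bytes) -> list[str]:
    """Return candidates that decode to printable ASCII under the assumed layering."""
    found = []
    for token in B64_TOKEN.findall(blob):
        if len(token) % 4:
            continue  # not a whole number of Base64 groups, skip
        try:
            raw = base64.b64decode(token, validate=True)
        except ValueError:
            continue
        plain = rc4(key, raw)
        # Keep only results that look like text; a wrong guess decrypts to noise.
        if plain and all(0x20 <= b < 0x7F for b in plain):
            found.append(plain.decode("ascii"))
    return found

# Constructed sample: two strings encrypted with a made-up key, embedded in filler bytes.
SAMPLE_KEY = b"constructed-key"
SAMPLE_STRINGS = ["kernel32.dll", "LoadLibraryA"]
SAMPLE_BLOB = b"\x00\x01".join(
    [b"MZ\x90"]
    + [base64.b64encode(rc4(SAMPLE_KEY, s.encode())) for s in SAMPLE_STRINGS]
    + [b"ThisIsPlainFillerText"]
)

if __name__ == "__main__":
    for recovered in recover_strings(SAMPLE_BLOB, SAMPLE_KEY):
        print(recovered)
```

The printable-ASCII filter is what makes this usable for triage: tokens that are not encrypted strings, or that were encrypted under a different key, drop out instead of flooding the output.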
The Mars Stealer code contains Sleep function intervals to perform timing checks that would result in a mismatch if a debugger is used.
Currently, Mars Stealer is sold for $140 to $160 on hacking forums, so it will likely get into the hands of numerous threat actors and be used in attacks in the future.