Security News > 2022 > March > Mars Stealer malware pushed via OpenOffice ads on Google
A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it.
Mars Stealer emerged as a redesign of the Oski malware that shut down development in 2020, featuring extensive info-stealing capabilities targeting a broad spectrum of apps.
Promoted on hacking forums at affordable prices in the range of $140-$160, Mars Stealer grew slowly until recently, when the abrupt shut down of Raccoon Stealer forced cybercriminals to seek alternatives.
A new Mars Stealer campaign uncovered by Morphisec is using Google Ads advertising to rank cloned OpenOffice sites high on Canadian search results.
The OpenOffice installer on the phony site is, in reality, a Mars Stealer executable packed with the Babadeda crypter or the Autoit loader, so the victims are unknowingly infecting themselves.
For those looking for a deep technical nose-dive into the new Mars Stealer malware, you can read 3xp0rt's analysis of the new malware variant.