Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread
A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets.
"Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report published Tuesday.
Based on the Oski Stealer and first discovered in June 2021, Mars Stealer is said to be constantly under development and available for sale on over 47 underground forums, darknet sites, and Telegram channels, costing only $160 for a lifetime subscription.
The release of Mars Stealer last year has also been accompanied by a steady increase in attack campaigns, some of which used a cracked version of the malware configured in a way that exposed critical assets on the internet, inadvertently leaking details about the threat actor's infrastructure.
While Mars Stealer is most commonly distributed via spam email messages containing a compressed executable, download link, or document payload, it is also propagated via fraudulent cloned websites that advertise well-known software such as OpenOffice and were pushed through Google Ads.
Because the threat actor compromised their own machine with the Mars Stealer during debugging, the OPSEC mistake allowed the researchers to attribute the campaign to a Russian speaker as well as uncover details about the adversary's use of GitLab and stolen credentials to place Google Ads.
News URL
https://thehackernews.com/2022/03/researchers-expose-mars-stealer-malware.html