A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets.
“Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens,” Morphisec malware researcher Arnold Osipov said in a report published Tuesday.
Based on the Oski Stealer and first discovered in June 2021, Mars Stealer is said to be constantly under development and available for sale on over 47 underground forums, darknet sites, and Telegram channels, costing only $160 for a lifetime subscription.
Information stealers allow adversaries to vacuum personal information from compromised systems, including stored credentials and browser cookies, which are then sold on criminal marketplaces or used as a springboard for launching further attacks.
The release of Mars Stealer last year has also been accompanied by a steady increase in attack campaigns, some of which have involved the use of a cracked version of the malware that has been configured in such a manner that it has exposed critical assets on the internet, inadvertently leaking details about the threat actor’s infrastructure.
images from Hacker News