Phony website posing as the official gateway for the Atomic wallet distributes copies of the data-stealing virus Mars Stealer
Copies of the data-stealing virus Mars Stealer are being distributed by a phony website posing as the official gateway for the Atomic wallet, a well-known decentralized wallet that also functions as a cryptocurrency exchange. The fake website was found on Monday by malware researcher Dee, but as of this writing, it is still operational and continuing to spread copies of the infection.
People unfamiliar with the legitimate Atomic wallet website might mistakenly believe that the bogus site is the genuine article. While the fake website isn’t an exact reproduction of the actual one, a comparison of the two reveals that it replicates the real site’s official logos, themes, marketing images, and structure. The fake website even has a contact form, email address, and FAQ section. As for how people get there, it may be through spam emails, direct messages on various platforms, SEO poisoning, or deceptive social network advertising.
The Google Play button directs users to the official Atomic Wallet app on the Play Store, while the iOS button does nothing. When the Windows button is pressed, a ZIP file called “Atomic Wallet.zip” that contains the Mars Stealer virus is downloaded.
Two-factor authentication plugins, cryptocurrency extensions and wallets, and account credentials saved in web browsers are all targets of Mars Stealer, a new data-stealing malware. We uncovered in March that Google Ads’ deceptive advertising campaigns were distributing Mars Stealer using the OpenOffice brand. Visitors attempting to download the software are met with three buttons for the Windows, iOS, and Android versions.
According to a technical analysis published by Cyble yesterday, the distribution mechanism for the ongoing Mars Stealer operation goes to great lengths to avoid being found.