What is Mars Stealer v8?
Mars Stealer v8 is an advanced variant of the Mars Stealer malware family, an information stealer that harvests sensitive data from infected systems. It primarily targets Windows users and is capable of harvesting credentials from browsers, FTP clients, email clients, and cryptocurrency wallets. The malware is distributed through malicious attachments, fake software updates, and compromised websites, often leveraging social engineering to trick victims into executing the payload.

Once installed, Mars Stealer v8 employs multiple evasion techniques to avoid detection, including code obfuscation, anti-sandboxing, and anti-VM (virtual machine) checks. It communicates with a command-and-control (C2) server to exfiltrate the stolen data, which is then sold on underground forums or used for further attacks.
Key Features
1. Credential Theft
Mars Stealer v8 extracts saved login credentials from web browsers and other client applications, including:
- Chromium-based browsers (Chrome, Edge, Brave, Opera)
- Firefox (including profiles and saved passwords)
- Internet Explorer (legacy systems)
- FTP clients (FileZilla, WinSCP)
- Email clients (Outlook, Thunderbird)
- VPN and RDP credentials
2. Cryptocurrency Wallet Theft
The malware scans for and steals:
- Browser-based wallets (MetaMask, Binance Chain Wallet)
- Desktop wallets (Exodus, Electrum, Atomic Wallet)
- Wallet.dat files (Bitcoin Core, Dash, Litecoin)
3. Cookie & Session Hijacking
Mars Stealer v8 steals browser cookies and session tokens. Because a valid session cookie represents a login that has already completed, replaying it in the attacker's own browser reuses the authenticated session without triggering a second-factor prompt, which lets attackers bypass two-factor authentication (2FA) and hijack active sessions on platforms like:
- Banking websites
- Social media (Facebook, Twitter, Instagram)
- E-commerce sites (Amazon, eBay)
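The three feature sections above (credential theft, wallet theft, cookie theft) all reduce to the same observable on an endpoint: a process that is not the browser, FTP client or wallet application reads that application's credential store. The following detection sketch is an added example written for this page, not code from the Mars Stealer authors or from any vendor. It assumes EDR-style file-access telemetry delivered as one JSON object per line with `pid`, `image` and `path` fields (a constructed format), and the sample events embedded in it are constructed, not real logs. The store paths are the well-known default locations of the applications named in this article.

```python
"""Detection sketch: flag processes that read the credential, cookie and
wallet stores this page says Mars Stealer v8 harvests, when the reader is
not the application that owns the store.

The telemetry format (one JSON object per line with pid, image, path) and
all sample events are constructed for this example; they are not real logs.
"""
import json
import re
from collections import defaultdict

# Store rules: regex over the accessed path plus the image names that
# legitimately own the file. Any other reader is a candidate stealer.
# Paths are the well-known default locations of these applications on Windows.
RULES = [
    # Chromium family: "Login Data" (saved logins) and the cookie SQLite DB
    ("chromium_logins",  r"\\login data$",
     {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}),
    ("chromium_cookies", r"\\user data\\[^\\]+\\(network\\)?cookies$",
     {"chrome.exe", "msedge.exe", "brave.exe"}),
    # Firefox profile: logins.json (ciphertext), key4.db (NSS key), cookies.sqlite
    ("firefox_profile",
     r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
     {"firefox.exe"}),
    # FileZilla keeps FTP hosts and credentials in these XML files
    ("filezilla_sites",  r"\\filezilla\\(sitemanager|recentservers)\.xml$",
     {"filezilla.exe"}),
    # Bitcoin Core style wallet.dat (also used by Dash and Litecoin Core)
    ("wallet_dat",       r"\\wallet\.dat$",
     {"bitcoin-qt.exe", "bitcoind.exe", "dash-qt.exe", "litecoin-qt.exe"}),
    # Electrum and Exodus desktop wallet data directories
    ("electrum_wallet",  r"\\electrum\\wallets\\", {"electrum.exe"}),
    ("exodus_wallet",    r"\\exodus\\exodus\.wallet\\", {"exodus.exe"}),
]
COMPILED = [(name, re.compile(rx, re.I), owners) for name, rx, owners in RULES]


def classify(path):
    """Return (store_name, owner_images) for a path that is a known store, else None."""
    norm = path.replace("/", "\\")
    for name, rx, owners in COMPILED:
        if rx.search(norm):
            return name, owners
    return None


def detect(jsonl_text):
    """Return (pid, image_name, store, path) for every non-owner read of a store."""
    findings = []
    for line in jsonl_text.strip().splitlines():
        ev = json.loads(line)
        hit = classify(ev["path"])
        if hit is None:
            continue
        store, owners = hit
        proc = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if proc in owners:          # the application reading its own store
            continue
        findings.append((ev["pid"], proc, store, ev["path"]))
    return findings


def triage(findings):
    """Group findings per process. A stealer sweeps several store types in one
    run, so breadth across stores is the high-confidence signal; a single store
    touched by e.g. a backup agent stays at medium for analyst review."""
    stores = defaultdict(set)
    procs = {}
    for pid, proc, store, _ in findings:
        stores[pid].add(store)
        procs[pid] = proc
    return {pid: {"image": procs[pid],
                  "stores": sorted(s),
                  "severity": "high" if len(s) >= 3 else "medium"}
            for pid, s in stores.items()}


# Constructed sample telemetry: Chrome and Firefox reading their own stores
# (benign) and a dropped "update" binary sweeping logins, cookies and wallets.
SAMPLE_EVENTS = r"""
{"pid": 4120, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "path": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 5004, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "path": "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default-release\\logins.json"}
{"pid": 7712, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup_update.exe", "path": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 7712, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup_update.exe", "path": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies"}
{"pid": 7712, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup_update.exe", "path": "C:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallet.dat"}
{"pid": 7712, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup_update.exe", "path": "C:\\Users\\alice\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"}
{"pid": 3300, "image": "C:\\Windows\\System32\\notepad.exe", "path": "C:\\Users\\alice\\Documents\\notes.txt"}
"""

if __name__ == "__main__":
    for pid, info in triage(detect(SAMPLE_EVENTS)).items():
        print(pid, info["severity"], info["image"], info["stores"])
```

On the sample, only pid 7712 (`setup_update.exe`) is reported, at high severity, because it touches four store types; the browser reads are suppressed by the owner allowlist. Two caveats when turning this into a production rule: the allowlist matches on image name only, so a stealer named `chrome.exe` would pass, and the real check should be on the signed image path; and the Chromium "Login Data" and cookie databases are encrypted with a key that is itself DPAPI-protected, so a stealer that copies the files must also read the `Local State` file in the same profile, which is a second access worth adding as its own rule.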