Despite gaining popularity worldwide, Cryptocurrency also has its downsides. It opens the door for various malicious activities like phishing, scams, hacking, delivering malware, etc.

Cyble Research Labs has constantly been tracking malicious activities targeting Cryptocurrency wallets. During a routine threat-hunting exercise, we came across a Twitter post where a researcher mentioned a fake Atomic wallet site distributing Mars Stealer.

The phishing site “hxxp://atomic-walletnet” uses the icon and name of the Atomic wallet. Additionally, the Threat Actor is trying to copy the UI of the genuine website to trick the user, as shown in the below image.

Figure 1 – Phishing site impersonating Atomic Wallet website

Upon investigating the phishing site, we observed that the TA has invested time in developing a well-designed phishing site to trick victims into downloading the malware. The phishing site appears to be genuine as the TA provided some attractive content such as Trusted Reviews, Cashback, FAQ, Partners, Contact Us page, Support, and Update History.

Figure 2 – Content on Phishing site to appear legitimate

When the user interacts with the “Download” button, the phishing site redirects to the download options page, where the user can download Atomic wallet for Windows, iOS, and Android, as shown in the below image. The App Store button is inactive, while the Google Play button redirects the user to the genuine Atomic Wallet Play Store link.

When the user clicks on the “Download for Windows” button, it connects to the shortened URL “hxxps://bitly/3PRDyH8” and downloads a Zip file named “Atomic Wallet.zip”. After a detailed investigation, the downloaded file was identified as a Mars Stealer sample.

Mars Stealer was discovered in June 2021 and was available for sale on a few underground cybercrime forums.
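The delivery chain described above (a lookalike domain imitating the wallet brand, a shortened URL, and an archive download) leaves a recognisable pattern in web-proxy telemetry. The following Python script is an added example and is not part of the Cyble write-up: it runs two detections over constructed proxy log lines and uses placeholder `.example` domains and a made-up brand list in place of the report's indicators.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed lists for this example (assumptions, not indicators from the report).
KNOWN_BRANDS = {"atomicwallet.example"}           # the genuine wallet domain
URL_SHORTENERS = {"bit.example", "short.example"}  # shortener hosts seen in the environment
ARCHIVE_EXTS = (".zip", ".rar", ".7z")

# Constructed proxy log lines: timestamp client method url referrer ("-" if none).
SAMPLE_LOGS = [
    "2022-06-01T10:00:01Z 10.0.0.5 GET https://atomic-wallet.example/ -",
    "2022-06-01T10:00:07Z 10.0.0.5 GET https://bit.example/3abcdef https://atomic-wallet.example/download",
    "2022-06-01T10:00:08Z 10.0.0.5 GET https://cdn.example/files/Atomic%20Wallet.zip https://bit.example/3abcdef",
    "2022-06-01T11:00:00Z 10.0.0.9 GET https://atomicwallet.example/ -",
    "2022-06-01T11:00:03Z 10.0.0.9 GET https://docs.atomicwallet.example/guide.zip -",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<referrer>\S+)$")


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line is malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def levenshtein(a, b):
    """Edit distance between two strings (standard dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_label(host):
    """Second-level label with hyphens removed: 'atomic-wallet.example' -> 'atomicwallet'."""
    parts = host.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return label.replace("-", "")


def is_lookalike(host, brands=KNOWN_BRANDS):
    """True if host imitates a known brand domain but is neither the brand domain nor a subdomain of it."""
    host = host.lower()
    if host in brands or any(host.endswith("." + b) for b in brands):
        return False
    label = brand_label(host)
    return any(levenshtein(label, brand_label(b)) <= 1 for b in brands)


def flag_chain(lines, brands=KNOWN_BRANDS, shorteners=URL_SHORTENERS):
    """Run two detections over log lines and return the alerts raised, in log order."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        url = urlparse(ev["url"])
        ref = urlparse(ev["referrer"]) if ev["referrer"] != "-" else None
        host = url.hostname or ""
        # Rule 1: request to a domain that imitates a protected brand.
        if is_lookalike(host, brands):
            alerts.append({"rule": "lookalike_domain", "client": ev["client"], "host": host})
        # Rule 2: archive download reached through a URL shortener.
        path = unquote(url.path).lower()
        if path.endswith(ARCHIVE_EXTS) and ref is not None and (ref.hostname or "") in shorteners:
            alerts.append({
                "rule": "shortener_to_archive",
                "client": ev["client"],
                "file": path.rsplit("/", 1)[-1],
                "via": ref.hostname,
            })
    return alerts


if __name__ == "__main__":
    for alert in flag_chain(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample, client 10.0.0.5 raises both alerts (the hyphenated lookalike host and the zip fetched via the shortener), while client 10.0.0.9, who visits the genuine domain and a subdomain of it, raises none. The edit-distance threshold of 1 and the second-level-label heuristic are deliberately simple; in production the brand list would come from an allow-list of owned domains and the shortener list from proxy categorisation.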