New Wave of Malware Targets MetaMask Users

A new alert warns that malware found in internet downloads is targeting browser-based extensions such as crypto wallets and 2FA accounts.

MetaMask, Coinbase Wallet, MyEtherWallet, Binance Chain Wallet, TronLink and others are the main targets.

The malware will make the wallet look like it is functioning normally, but it will send your funds to an alternate address. Once the transaction is made, there is no way to recover the funds.

The malware is named Mars Stealer and is available on the dark web for the low price of $140.

This small price for possibly large returns will make it a popular choice for hackers. Torrents, file sharing sites and other downloading software are prime grounds for this new malware.

Browser-based wallets are among the most popular in the cryptocurrency industry. Their ease of use and locally stored private keys make them a good non-custodial option for early users.

As MetaMask and most other browser-based wallets do not store keys on the web, the only way a hacker can access your MetaMask account is through either phishing or malware.

Users with cloud-based 2FA accounts like Authy are also at risk of having their backup keys stolen via this malware.

The trick to avoiding this malware is to ensure you keep the computer you use for cryptocurrencies clean. Install proper anti-virus software and run it before attempting to do any transactions.

For users with hardware wallets, always make sure the address that displays on the physical device matches the address you are trying to send to.

Also, do not use any 2FA authenticator that uses cloud-based storage. Instead, download one that stores the keys locally, and be sure to safeguard and store the backup keys.

It is recommended that you do not do your daily internet browsing and downloads on the same computer that you do financial transactions with. This goes for both cryptocurrency and traditional finance.

Other sites have claimed that MetaMask has been hacked, but this is not the case. Non-custodial wallets cannot be accessed by hacking MetaMask itself, because the service does not hold your private keys. Individual machines must be hacked to access non-custodial wallets.

Stay safe, everyone, and keep your computers clean!



Updated: 02/08/2022 — 12:00