Criminals are impersonating (opens in new tab) Atomic Wallet to try and distribute the Mars Stealer malware, researchers have warned.
Atomic Wallet is one of the more popular cryptocurrency wallets (opens in new tab) that, aside from being able to store people’s digital tokens, also acts as an exchange, allowing users to swap between different types of cryptocurrencies. The Android version alone has more than a million users.
But it’s not the Android version that’s under assault here, but rather, the Windows version, as a malware researcher going by the name Dee, discovered a fake Atomic Wallet website which, although it doesn’t look exactly like the legitimate one, still uses the company’s official logos, themes, marketing images, and structure. Visitors can also find email addresses, the FAQ section, and a contact form.
Fake Windows app
But most importantly, they will find three download options – iOS, Android, and Windows. The iOS button does nothing, while the Android one redirects to the legitimate Play Store app, probably to trick people into trusting the site. Finally, the Windows button triggers the download of a file named “Atomic Wallet.zip”, which contains the Mars Stealer dropper.
Those who have visited the official site before will not be fooled by this imposter, but those unfamiliar with Atomic Wallet’s official internet presentation very well might.
It’s not that hard to end up on the fake website, too. Cybercriminals deploy a whole swathe of tactics, from advertising campaigns on social media, to social engineering attacks, to SEO poisoning, and the old-fashioned email spam (opens in new tab).
Mars Stealer is a classic infostealer malware. Once it lands on an endpoint, it will look for credentials saved in the browsers, as well as cryptocurrency extensions, wallets, and two-factor authentication plugins. At press time, the site is still online, the publication claims.
To stay safe, always double-check you’re downloading from the official source, which you can do by navigating directly to the website, rather than clicking on links in emails, advertising campaigns, or direct messages.
Via: BleepingComputer (opens in new tab)