Another major crypto wallet and exchange has been hacked

Criminals are impersonating Atomic Wallet to try to distribute Mars Stealer malware, researchers warn.

Atomic Wallet is one of the most popular cryptocurrency wallets which, in addition to storing people's digital tokens, also acts as an exchange, allowing users to trade between different types of cryptocurrencies. The Android version alone has over a million users.

But it's not the Android version that's under attack here; it's the Windows version. A malware researcher named Dee discovered a fake Atomic Wallet website that, while not exactly resembling the legitimate site, still uses the official logos, themes, marketing images and corporate structure. Visitors can also find email addresses, FAQs, and a contact form.

Fake Windows app

Most importantly, visitors will find three download options: iOS, Android and Windows. The iOS button does nothing, while the Android one redirects to the legitimate Play Store app, presumably to trick people into trusting the site. Finally, the Windows button triggers the download of a file called "Atomic Wallet.zip", which contains the Mars Stealer dropper.

Those who have already visited the official website will not be fooled by this impostor, but those who are not very familiar with the official Atomic Wallet web presence might be.

It is also not that difficult to end up on the fake website. Cybercriminals deploy a variety of tactics, from social media ad campaigns and social engineering attacks to SEO poisoning and old-fashioned email spam.

Mars Stealer is a classic information-stealing malware. Once it reaches an endpoint, it searches for saved credentials in browsers, as well as cryptocurrency extensions, wallets, and two-factor authentication plugins. According to the post, the site was still active at the time of publication.

To stay safe, always check that you are downloading from the official source, which you can do by browsing the website directly, rather than clicking on links in emails, ads, or direct messages.

Via: BleepingComputer