Mars Stealer can be spread through various channels such as file-hosting websites, torrent clients, and any other shady downloaders. After infecting a system, the first thing the malware does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus, or Russia, the software leaves the system without any malicious action.
For the rest of the world, the malware targets a file that holds sensitive information such as crypto wallets’ address info and private keys. It then leaves the system by deleting any presence once the theft is complete.
Users who hold their crypto assets on browser-based wallets or use browser extensions like Authy to utilize 2FA are warned to be cautious against clicking dubious links or downloads.
