Another major crypto wallet and exchange has been hijacked

Criminals are impersonating Atomic Wallet to try and distribute the Mars Stealer malware, researchers have warned.

Atomic Wallet is one of the more popular cryptocurrency wallets that, aside from being able to store people’s digital tokens, also acts as an exchange, allowing users to swap between different types of cryptocurrencies. The Android version alone has more than a million users.

It’s not the Android version that’s under assault here, however, but the Windows version. A malware researcher going by the name Dee discovered a fake Atomic Wallet website which, although it doesn’t look exactly like the legitimate one, still uses the company’s official logos, themes, marketing images, and structure. Visitors can also find email addresses, the FAQ section, and a contact form.

Fake Windows app

But most importantly, they will find three download options - iOS, Android, and Windows. The iOS button does nothing, while the Android one redirects to the legitimate Play Store app, probably to trick people into trusting the site. Finally, the Windows button triggers the download of a file named “Atomic Wallet.zip”, which contains the Mars Stealer dropper. 

Those who have visited the official site before will not be fooled by this imposter, but those unfamiliar with Atomic Wallet’s official web presence very well might be.

It’s not that hard to end up on the fake website, either. Cybercriminals deploy a whole swathe of tactics, from advertising campaigns on social media, to social engineering attacks, to SEO poisoning, and old-fashioned email spam.

Mars Stealer is a classic infostealer malware. Once it lands on an endpoint, it will look for credentials saved in the browsers, as well as cryptocurrency extensions, wallets, and two-factor authentication plugins. At press time, the site is still online, the publication claims. 

To stay safe, always double-check you’re downloading from the official source, which you can do by navigating directly to the website, rather than clicking on links in emails, advertising campaigns, or direct messages. 

Via: BleepingComputer

Sead Fadilpašić
