Hackers are locking out Mars Stealer operators from their own servers

Create A Website for $1.99/Month

A security research and hacking startup says it has found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims.

Mars Stealer is data-stealing malware as a service, allowing cybercriminals to rent access to the infrastructure to launch their own attacks. The malware itself is often distributed as email attachments, malicious ads and bundled with torrented files on file-sharing sites. Once infected, the malware steals a victim’s passwords and two-factor codes from their browser extensions, as well as the contents of their cryptocurrency wallets. The malware can also be used to deliver other malicious payloads, like ransomware.

Earlier this year, a cracked copy of the Mars Stealer malware leaked online, allowing anyone to build their own Mars Stealer command and control server, but its documentation was flawed, and guided would-be bad actors to configure their servers in a way that would inadvertently expose the log files packed with user data stolen from victims’ computers. In some cases, the operator would inadvertently infect themselves with malware and expose their own private data.

Mars Stealer gained traction in March after the takedown of Raccoon Stealer, another popular data-stealing malware. That led to an uptick in new Mars Stealer campaigns, including the mass-targeting of Ukraine in the weeks following Russia’s invasion, and a large-scale effort to infect victims by malicious ads. By April, security researchers said they found more than 40 servers hosting Mars Stealer.

Now, Buguard, a penetration testing startup, said the vulnerability it discovered in the leaked malware lets it remotely break in and “defeat” Mars Stealer command and control servers that are used to steal data from victim’s infected computers.

Youssef Mohamed, the company’s chief technology officer, told TechCrunch that the vulnerability, once exploited, deletes the logs from the targeted Mars Stealer server,…


Read More

You May Also Like

About the Author: V. Moss