Another major crypto wallet and exchange has been hijacked

Atomic Wallet has an impostor


Criminals are impersonating Atomic Wallet to try and distribute the Mars Stealer malware, researchers have warned.

Atomic Wallet is one of the more popular cryptocurrency wallets that, aside from being able to store people’s digital tokens, also acts as an exchange, allowing users to swap between different types of cryptocurrencies. The Android version alone has more than a million users.

But it’s the Windows version, not the Android one, that’s under assault here. A malware researcher going by the name Dee discovered a fake Atomic Wallet website which, although it doesn’t look exactly like the legitimate one, still uses the company’s official logos, themes, marketing images, and structure. Visitors can also find email addresses, the FAQ section, and a contact form.

Fake Windows app

But most importantly, they will find three download options - iOS, Android, and Windows. The iOS button does nothing, while the Android one redirects to the legitimate Play Store app, probably to trick people into trusting the site. Finally, the Windows button triggers the download of a file named “Atomic Wallet.zip”, which contains the Mars Stealer dropper.

Those who have visited the official site before will not be fooled by this imposter, but those unfamiliar with Atomic Wallet’s official web presence very well might.

It’s not that hard to end up on the fake website, either. Cybercriminals deploy a whole swathe of tactics, from advertising campaigns on social media, to social engineering attacks, to SEO poisoning, and old-fashioned email spam.

Mars Stealer is a classic infostealer malware. Once it lands on an endpoint, it will look for credentials saved in the browsers, as well as cryptocurrency extensions, wallets, and two-factor authentication plugins. At press time, the site is still online, the publication claims.

To stay safe, always double-check you’re downloading from the official source, which you can do by navigating directly to the website, rather than clicking on links in emails, advertising campaigns, or direct messages.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
