"Cloned Atomic Wallet Website Is Pushing Mars Stealer Malware"

A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also functions as a cryptocurrency exchange portal, is distributing copies of the Mars Stealer information-stealing malware. When the genuine and fake websites are compared, it becomes clear that the latter is not a carbon copy of the former, but it still uses the official logos, themes, marketing images, and structure. The fake website even has a contact form, an email address, and a FAQ section. Those unfamiliar with the legitimate Atomic wallet site, on the other hand, could easily believe the imposter is genuine. People may end up there due to social media malvertising, direct messages on various platforms, SEO poisoning, or spam email. Visitors attempting to download the software are given three options: Windows, iOS, and Android. Clicking on iOS does nothing while clicking on Google Play takes the user to the official Atomic Wallet app on the Play Store. Clicking on the Windows button will download a ZIP file named "Atomic Wallet.zip," which contains malicious code that installs the Mars Stealer. Mars Stealer is a new information-stealer that targets account credentials stored in web browsers, cryptocurrency extensions and wallets, and two-factor authentication plugins. This article continues to discuss the distribution and capabilities of the new Mars Stealer malware. 

Bleeping Computer reports "Cloned Atomic Wallet Website Is Pushing Mars Stealer Malware"