Mars Stealer
Also known as: Mars
Mars Stealer is an infostealer derived from the older Oski stealer that targets browser credentials, cookies, cryptocurrency wallets, and two-factor authentication browser extensions. It saw a surge in distribution through cracked-software and malvertising campaigns.
What is Mars Stealer?
Mars Stealer is an infostealer built on the lineage of the earlier Oski stealer. Sold on underground markets, it collects credentials, cookies, autofill data, and cryptocurrency assets, and specifically targets browser extensions used for two-factor authentication and crypto wallets.
Distribution
Mars Stealer spread heavily through cracked software, key generators, and malvertising that placed malicious sites near the top of search results for popular applications. This made everyday users searching for free software a primary victim pool.
Why Mars matters
By targeting 2FA and wallet extensions directly, Mars Stealer increased the risk that a single infection would lead to account takeover and cryptocurrency theft, not just password exposure.
VantaPrism ingests Mars Stealer logs and flags when stolen data includes session cookies or wallet artifacts, helping teams gauge whether an exposure could enable MFA bypass or financial theft.
Frequently Asked Questions
What malware is Mars Stealer based on?
Does Mars Stealer target cryptocurrency?
Related Terms
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…
Cookie theft is the stealing of browser cookies — especially authenticated session cookies — so attackers can imperso…
Account takeover (ATO) is when an attacker gains unauthorized control of a legitimate user account, typically using s…
Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…