Meet a racist malware targetting extension based wallets

[libert19]

No, that wasn't a typo, this malware is indeed racist.

Named 'Mars Stealer' and as expected from malwares - it spreads through channels such as file-hosting websites, torrent clients, shady downloaders, etc.

The first thing it does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software leaves the system without any malicious action otherwise you are fucked.

Read complete story: https://cointelegraph.com/news/hodlers-beware-new-malware-targets-metamask-and-40-other-crypto-wallets

[Little Mouse]

Posted here too- https://bitcointalk.org/index.php?topic=5384035.0

[NeuroticFish]

The first thing it does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software leaves the system without any malicious action otherwise you are fucked.

This is somewhat funny, since I expect that like everywhere on the world, quite a lot of users from those countries will have their windoze in US English only.
So it's a rather stupid way to be "racist"


It has to be the primary language or any?
It has occurred to me that maybe if we install one of those languages would this malware leave us alone?

[BIT-BENDER]

Wasted technology, for real how would an individual phantom the idea of creating such menace beats my imagination, it's good a thing this such Malware has been pointed out but how does it operate, apart from the fact that it has targeted citizens, and also how can so one with low or average tech knowledge protect themselves from such knowledge, I believe there are newbies who still doesn't understand how this malware stuff works.

[mk4]

The first thing it does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software leaves the system without any malicious action otherwise you are fucked.

9000 IQ move: actually change your device's language ID to any of those language IDs, just to be sure.

Jokes aside — not sure if I would call this "racist" though, as it's not necessarily an attack on a certain race, but rather the hacker is just protecting his folks I guess(not to make him/her less of a criminal though, obviously).

[aysg76]

This is somewhat funny, since I expect that like everywhere on the world, quite a lot of users from those countries will have their windoze in US English only.
So it's a rather stupid way to be "racist"

I also thought of the same way as most of the devices have the in built option of default language as English and you can change it in the settings or boot up process but as you said mostly prefer English as it's easy to navigate in that language.So this attack will not protect all the citizens of those restricted malware attempts.Maybe it's racist attack but not fully planned by them.

But still you can protect yourself by using hardware wallets or cold storage and your seed phrases not being compromised then you could prefer any language and it won't affect you but most of us ignore the safety measures.

[lovesmayfamilis]

Wasted technology, for real how would an individual phantom the idea of creating such menace beats my imagination, it's good a thing this such Malware has been pointed out but how does it operate, apart from the fact that it has targeted citizens, and also how can so one with low or average tech knowledge protect themselves from such knowledge, I believe there are newbies who still doesn't understand how this malware stuff works.

You just need to follow the most common safety precautions. It's not news when we hear that when using torrents and all sorts of cracks, there is a chance that some kind of malware will be embedded in them. Do not combine your work and entertainment on one device. Don't decorate your browser like a Christmas tree with extensions. Well, the most obvious, update your systems and use high-quality antivirus. Everything that is distributed on the Internet under the motto "free" always carries the connotation of deception.
Any beginner should understand this in our time

[PrimeNumber7]

According to the article you cited, the malware is for sale to third parties who want to try to infect others for profit.

My speculation is that, whoever created the malware wanted to prevent themselves and their countrymen from getting infected, possibly due to legal concerns (for example, if people in their home country are getting infected, that country's law enforcement may devote more resources into trying to catch whoever created the malware). The langue setting could be broad enough such that it is unlikely that anyone in their home country will actually see their coin stolen, for example if people in their home country speaks a diverse set of languages.

[jerry0]

What is the exact reason for this again?  Is it because concern of issue with their own government?