In actuality, copies of the data-stealing virus Mars Stealer are being distributed by a phony website serving as the official gateway for the Atomic wallet, a well-known decentralized wallet that also functions as a cryptocurrency exchange center. The fake website was found on Monday by malware researcher Dee, but as of this writing, it is still operational and continuing to spread copies of the aforementioned infection.

The Google Play button directs users to the official Atomic Wallet app on the Play Store, while the iOS button has no impact. When the Windows button is pressed, a ZIP file called “Atomic Wallet.zip” that contains the Mars Stealer virus is downloaded. Two-factor authentication plugins, cryptocurrency extensions and wallets, and account credentials saved in web browsers are all targets of a new data thief known as Mars Stealer. We uncovered in March that Google Ads’ deceptive advertising campaigns were distributing Mars Stealer using the OpenOffice brand. Visitors attempting to download the software are met with three buttons for the Windows, iOS, and Android versions.

According to a technical analysis published by Cyble yesterday, the distribution mechanism for the ongoing Mars Stealer operation goes to great lengths to avoid being found.