Introduction It has been noticed that Oski support stopped answering its customers and deleted its telegram account and bot around July 2, 2020. This disappearance has raised eyebrows, as major projects like KPOT Stealer and Predator The Thief don’t usually just go away. Recently, I came across a sample of Mars Stealer, which appears to be an upgraded version of Oski Stealer. Since Mars Stealer is gaining popularity, I have decided to write a technical analysis about this stealer.
I'm a former Ukrainian threat hunter and malware analyst, currently researching cybercrime. I'm open to cooperation with anyone interested in my work, so feel free to contact me.