The program is capable of intercepting cryptocurrencies when they are sent to other addresses

Check Point detects Styx Stealer cryptocurrency theft malware

19.08.2024 - 08:20

What’s new? Cybersecurity solutions provider Check Point has discovered a malware called Styx Stealer, designed to steal data and cryptocurrencies using a clipping mechanism. Styx Stealer is freely available on the developer's website. Windows users running the latest version of the OS are protected from the attack, because the program exploits a vulnerability in Microsoft's Windows Defender antivirus that was patched last year.

Check Point report

What else is known? Styx Stealer is based on the older Phemedrone Stealer malware and shares a number of its features, such as stealing saved passwords, cookies, autofill data and cryptocurrency wallet data, but it also includes new evasion techniques and a crypto clipper feature.

Crypto clipping is the replacement of the recipient's cryptocurrency wallet address with the attacker's address during a transaction.
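A defender can look for the address replacement described above in clipboard telemetry. The following sketch is an added example, not code from Check Point's report or from this article; it assumes timestamped clipboard snapshots are available, uses simplified address-format patterns without checksum validation, a hypothetical 2-second threshold, and constructed placeholder addresses.

```python
import re

B58 = "[1-9A-HJ-NP-Za-km-z]"   # Base58 alphabet
B32 = "[02-9ac-hj-np-z]"       # Bech32 data alphabet

# Simplified format checks (assumption: shape only, no checksum validation)
# for coins the article names as payment options.
ADDRESS_PATTERNS = {
    "BTC": re.compile(rf"^(bc1{B32}{{11,71}}|[13]{B58}{{25,34}})$"),
    "LTC": re.compile(rf"^(ltc1{B32}{{11,71}}|[LM]{B58}{{26,33}})$"),
    "TRX": re.compile(rf"^T{B58}{{33}}$"),
    "XMR": re.compile(rf"^[48]{B58}{{94}}$"),
}

def classify(text):
    """Return the coin whose address format matches text, else None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

def find_swaps(events, max_gap=2.0):
    """Flag an address replaced by a different address of the same coin
    within max_gap seconds. events: iterable of (timestamp, clipboard_text)."""
    alerts, prev = [], None            # prev = (timestamp, coin, text)
    for ts, raw in events:
        text, coin = raw.strip(), classify(raw)
        if (coin and prev and prev[1] == coin and prev[2] != text
                and ts - prev[0] <= max_gap):
            alerts.append((ts, coin, prev[2], text))
        prev = (ts, coin, text)
    return alerts

# Constructed sample data: placeholder strings with the right shape only.
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
TRX_A, TRX_B = "T" + "A" * 33, "T" + "B" * 33
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, BTC_A),      # user copies a recipient address
    (10.3, BTC_B),      # replaced 0.3 s later: suspicious
    (60.0, TRX_A),
    (200.0, TRX_B),     # different address, but minutes later: ignored
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipboard address swap:", alert)
```

The time threshold is a heuristic: a user rarely copies two different addresses for the same coin within a couple of seconds, so a near-instant same-coin replacement is worth an alert.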

Styx Stealer, which was launched in April, is available at $75/month or $350 for a lifetime license. Pricing and features were available on the developer's website until August 16, when they were replaced with information about another product. Purchases could be made via Telegram messenger using bitcoin, LTC, TRX, XMR, or USDT stablecoins. Previously, tutorials for the program were also available on YouTube.

Check Point Research identified eight wallets allegedly belonging to a Turkey-based Styx Stealer developer, known by the nickname Sty1x, who received about $9500 from subscriptions to the program in its first two months of operation. They were also able to uncover the developer's Telegram accounts, email addresses, phone numbers and contacts.

Researchers said Sty1x is in contact with other cybercriminals, including a hacker under the nickname Fucosreal who created a RAT trojan called Agent Tesla to extract data, spread via a Telegram bot.

Earlier, a group of researchers discovered a new method for hacking hardware cryptocurrency wallets in which a hacker can reconstruct a user's seed phrase from one-time transaction codes.
