Check Point detects Styx Stealer cryptocurrency theft malware
The program is capable of intercepting cryptocurrencies when they are sent to other addresses

19.08.2024 - 08:20
What’s new? Cybersecurity solutions provider Check Point has discovered a malware called Styx Stealer, designed to steal data and cryptocurrencies using a clipping mechanism. Styx Stealer is freely available on the developer's website. Windows users running the latest version of the OS are protected from the attack, because the program exploits a vulnerability in Microsoft's Windows Defender antivirus that was patched last year.
What else is known? Styx Stealer is based on the older Phemedrone Stealer malware and has a number of similar features such as stealing saved passwords, autofill cookies and cryptocurrency wallet data, but also includes new evasion techniques and a crypto clipper feature.
Crypto clipping is the replacement of the recipient's cryptocurrency wallet address with the attacker's address during a transaction.
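The substitution described above can be spotted from the defender's side. The following is an added example, not taken from Check Point's report: it flags a clipboard value that changes from one address-shaped string to a different one of the same kind, and checks a pasted address against the intended one before sending. The address families, the 2-second window and all sample values are assumptions constructed for illustration.

```python
import re

# Address *shapes* only (no checksum validation). The families listed here are
# an assumption for illustration, not a list taken from the article.
ADDRESS_SHAPES = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_family(text):
    """Return the family name if text is exactly one address-shaped string."""
    value = text.strip()
    for family, pattern in ADDRESS_SHAPES.items():
        if pattern.fullmatch(value):
            return family
    return None

def find_swaps(events, window_ms=2000):
    """events: (time_ms, clipboard_text) snapshots, oldest first.
    Flags an address replaced by a different address of the same family
    within window_ms (hypothetical threshold)."""
    alerts = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        fam = address_family(before)
        if (fam and fam == address_family(after)
                and before.strip() != after.strip() and t1 - t0 <= window_ms):
            alerts.append({"time_ms": t1, "family": fam,
                           "copied": before.strip(), "now": after.strip()})
    return alerts

def safe_to_send(intended, pasted):
    """Pre-send check: the pasted value must be address-shaped and equal the
    intended address over its whole length, not just the first characters."""
    return address_family(pasted) is not None and intended.strip() == pasted.strip()

PAYEE = "1" + "Payee" * 6  # constructed placeholder, not a real wallet
OTHER = "1" + "Swap" * 7   # constructed placeholder, not a real wallet
SAMPLE_EVENTS = [          # constructed clipboard history
    (0, "meeting notes"),
    (5000, PAYEE),             # user copies the recipient's address
    (5150, OTHER),             # same shape, different value, 150 ms later
    (90000, "0x" + "ab" * 20), # different family much later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipper:", alert)
    print("safe to send:", safe_to_send(PAYEE, OTHER))
```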
Styx Stealer, which was launched in April, is available at $75/month or $350 for a lifetime license. Pricing and features were available on the developer's website until August 16, when they were replaced with information about another product. Purchases could be made via Telegram messenger using bitcoin, LTC, TRX, XMR, or USDT stablecoins. Previously, tutorials for the program were also available on YouTube.
Check Point Research identified eight wallets allegedly belonging to a Turkey-based Styx Stealer developer, known by the nickname Sty1x, who received about $9500 from subscriptions to the program in its first two months of operation. The researchers were also able to uncover the developer's Telegram accounts, email addresses, phone numbers and contacts.
Researchers said Sty1x is in contact with other cybercriminals, including a hacker under the nickname Fucosreal who created a RAT trojan called Agent Tesla to extract data, spread via a Telegram bot.

Earlier, a group of researchers discovered a new method for hacking hardware cryptocurrency wallets in which a hacker can reconstruct a user's seed phrase from one-time transaction codes.