Check Point detects Styx Stealer cryptocurrency theft malware
The program is capable of intercepting cryptocurrencies when they are sent to other addresses
19.08.2024 - 08:20
781
3 min
0
What’s new? Cybersecurity solutions provider Check Point has discovered a malware called Styx Stealer, designed to steal data and cryptocurrencies using a clipping mechanism. Styx Stealer is freely available on the developer's website, and Windows users running the latest version of the OS are protected from the attack because the program exploits a vulnerability in Microsoft's Windows Defender antivirus that was patched last year.
What else is known? Styx Stealer is based on the older Phemedrone Stealer malware and has a number of similar features such as stealing saved passwords, autofill cookies and cryptocurrency wallet data, but also includes new evasion techniques and a crypto clipper feature.
Crypto clipping is the substitution of the cryptocurrency recipient's cryptocurrency wallet address for the attacker's address during a transaction.
Styx Stealer, which was launched in April, is available at $75/month or $350 for a lifetime license. Pricing and features were available on the developer's website until August 16, when they were replaced with information about another product. Purchases could be made via Telegram messenger using bitcoin, LTC, TRX, XMR, or USDT stablecoins. Previously, tutorials for the program were also available on YouTube.
Point Research identified eight wallets allegedly belonging to a Turkey-based Styx Stealer developer, known by the nickname Sty1x, who received about $9500 for subscribing to the program in its first two months of operation. They were also able to uncover the developer's Telegram accounts, email addresses, phone numbers and contacts.
Researchers said Sty1x is in contact with other cybercriminals, including a hacker under the nickname Fucosreal who created a RAT trojan called Agent Tesla to extract data, spread via a Telegram bot.
Losses from crypto project hacks rose by 51% in a month
The incidents resulted in a loss of $266 million
Earlier, a group of researchers discovered a new method for hacking hardware cryptocurrency wallets in which a hacker can reconstruct a user's seed phrase from one-time transaction codes.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$58 251
BTC
-1.44%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.03
XRP
-1.19%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.070299
DOGE
-2.58%
-
Zcash
$398.15
ZEC
+3.15%
-
Stellar XLM
$0.179124
XLM
+3.92%
-
Cardano
$0.143796
ADA
-0.18%
-
Polkadot
$3.32
DOT
+5.27%