Styx Stealer is a new piece of malware that poses a significant threat to Windows users by stealing cryptocurrency and sensitive data from their computers. Check Point Research has provided detailed insights into this malware.
Discovery and Features
The Styx Stealer malware was first identified by cybersecurity firm Check Point Research in April as a more robust version of the Phemedrone Stealer. It exploits a now-patched Windows vulnerability to hijack cryptocurrency transactions and steal data such as private keys and browser cookies.
Operation Mechanism
Styx Stealer exploits a vulnerability in the Windows Defender SmartScreen feature. It replaces cryptocurrency wallet addresses that the user copies with addresses belonging to the attackers. The malware can identify wallet addresses across nine blockchains, including Bitcoin, Ethereum, Monero, and others. It also features autorun capabilities and a user-friendly interface, making it easier for cybercriminals to customize and deploy.
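An added example (not from Check Point's report): a heuristic detector for the address-substitution behaviour described above, run over a constructed clipboard-change log. The address patterns (format-only, three of the chains named here), the two-second window and all function names are assumptions of this example.

```python
import re

# Address shapes for three of the chains the article names. These are
# format-only checks (no checksum validation) and assumptions of this example.
PATTERNS = {
    "bitcoin": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[a-fA-F0-9]{40}"),
    "monero": re.compile(r"[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}"),
}

def classify(text):
    """Return the chain whose address format the text matches, else None."""
    value = text.strip()
    for chain, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return chain
    return None

def normalize(chain, text):
    """Hex addresses are case-insensitive; compare them in lower case."""
    value = text.strip()
    return value.lower() if chain == "ethereum" else value

def find_swaps(events, window=2.0):
    """Flag clipboard changes where an address is replaced by a different
    address of the same chain within `window` seconds of being copied.

    events: list of (timestamp_seconds, clipboard_text) in time order.
    """
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        chain = classify(old)
        if not chain or classify(new) != chain or t1 - t0 > window:
            continue
        if normalize(chain, old) != normalize(chain, new):
            alerts.append({"chain": chain, "copied": old.strip(),
                           "replaced_by": new.strip(), "delay": round(t1 - t0, 3)})
    return alerts

# Constructed clipboard-change log (placeholder strings, not real wallets).
SAMPLE = [
    (10.00, "meeting notes"),
    (42.00, "0x" + "a" * 40),   # user copies an Ethereum-shaped address
    (42.15, "0x" + "b" * 40),   # different address 150 ms later: flagged
    (90.00, "1" + "A" * 33),    # user copies a Bitcoin-shaped address
    (300.0, "1" + "B" * 33),    # changed minutes later: ordinary re-copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A short window keeps ordinary re-copies from alerting; a value that changes to a same-format address faster than a person could copy again is the signal worth investigating.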
Infection and Distribution
Styx Stealer is distributed via the Telegram account @styxencode and the website styxcrypter[.]com. Users have sent the malware's developers approximately $9,500 using various cryptocurrencies. Additionally, advertisements and YouTube videos promoting this malware have been discovered.
Styx Stealer poses a risk to users by stealing their cryptocurrency assets. It is essential to remain vigilant about security and keep system and antivirus software updated to prevent infections.