• A cybersecurity research firm discovered the crypto-clipping Styx Stealer.

• A developer’s mistake exposed the malware’s creators and their financial and operational details.

• Styx Stealer is linked to the Phemedrone Stealer family and Agent Tesla.

Check Point Research (CPR), a cybersecurity solution provider and research firm, has discovered a new malware named Styx Stealer. The malware can carry out a range of malicious activities, including stealing cryptocurrency by means of its “clipping” functionality.

Besides clipping-based crypto theft, Styx Stealer can steal browser data and instant messenger sessions. It also has auto-start functionality, which makes it riskier.

Styx Stealer is a new variant of malware from the Phemedrone Stealer family. It was developed by a threat actor known as ‘Agent Tesla,’ who is also known for links with the threat actor named Fucosreal.

Getting Exposed: The Details from CPR

The developer of this malware made a critical error that exposed it to CPR. The error occurred while debugging Styx Stealer and led to the leak of sensitive data about the malware.

A screenshot of the Styx Stealer developer’s desktop during debugging. Credit: Check Point Research

CPR managed to gather personal details of the malware developer team, as well as information about their clients and financial transactions. After further research, CPR obtained intelligence on the connection between the cybercrime syndicate and the Styx Stealer group.

According to CPR, notorious cybercriminals such as Fucosreal have connections with the malware developer. CPR has also revealed that the malware is derived from an older version of Phemedrone Stealer and lacks many of the advanced features available in the newer versions.

The firm has also identified the individuals linked to Styx Stealer, along with their locations and personal details.

The developer’s error while debugging the malware was a failure of operational security (OpSec). That failure compromised the campaign and ultimately prevented the malware from being distributed.

Details About Styx Stealer

The malware can easily steal cookies, crypto wallet data, saved passwords, auto-fill data and instant messenger sessions on the compromised devices.

Credit: Check Point Research

Styx Stealer was launched in April this year and was available for licensing at $75 per month or $350 for a lifetime license.

It is powered by crypto clipper functionality and recent detection evasion techniques. Crypto clipping is the feature that lets Styx Stealer replace a victim’s copied crypto wallet address with the malicious actor’s wallet address, so that the digital currency is transferred to the threat actor’s wallet instead.
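As an added example, not taken from the article or from CPR’s report, the heuristic below shows how a defender might detect the clipping behaviour described above by watching for a clipboard change in which one wallet-shaped address is silently replaced by another of the same kind. The event format, the `user_copy` flag, the address-shape patterns and the sample values are all constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Rough address shapes for two common chains (constructed heuristics, not full validation).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str):
    """Return the chain tag if `text` looks like a wallet address, else None."""
    text = text.strip()
    for chain, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return chain
    return None


@dataclass
class ClipboardEvent:
    t: float          # seconds since the monitor started (constructed field)
    content: str      # clipboard text after the change
    user_copy: bool   # True if a user copy action preceded the change (assumed signal)


def detect_clipper_swaps(events, max_gap=2.0):
    """Flag consecutive clipboard changes where a wallet address is replaced by a
    different address of the same chain, with no user copy action, shortly after
    the original was copied. Returns (original, replacement, chain) tuples."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        prev_chain, cur_chain = classify_address(prev.content), classify_address(cur.content)
        same_kind = prev_chain is not None and prev_chain == cur_chain
        changed = prev.content != cur.content
        if same_kind and changed and not cur.user_copy and (cur.t - prev.t) <= max_gap:
            alerts.append((prev.content, cur.content, cur_chain))
    return alerts


def sample_events():
    """Constructed clipboard history: one silent BTC swap, plus benign activity."""
    victim_btc, swapped_btc = "1Victim" + "X" * 27, "1Attacker" + "X" * 25
    victim_eth, other_eth = "0x" + "11" * 20, "0x" + "22" * 20
    return [
        ClipboardEvent(0.0, victim_btc, True),
        ClipboardEvent(0.2, swapped_btc, False),   # replaced 200 ms later, no user copy
        ClipboardEvent(10.0, "meeting notes", True),
        ClipboardEvent(15.0, victim_eth, True),
        ClipboardEvent(16.0, other_eth, True),     # user copied a second address: benign
    ]
```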

CPR has also discovered eight accounts linked to the malware’s Turkey-based developer team, which received payments worth $9,500 in crypto within the first two months of the launch.