Styx Stealer: The Evolved Threat to Your Crypto and Data - #Phemedrone
Check Point Research (CPR) has uncovered a new malware named Styx Stealer, which is derived from the Phemedrone Stealer and linked to the Agent Tesla threat actor Fucosreal. The malware is designed to steal a wide range of data including browser information, cryptocurrency wallet data, and instant messenger sessions, and is sold via subscription on a dedicated website. Styx Stealer's developer, identified as Sty1x from Turkey, inadvertently leaked sensitive information during debugging, providing CPR with valuable intelligence on the malware's distribution and the cybercriminal network behind it. The malware exploits a vulnerability in Windows Defender SmartScreen and includes advanced features like clipboard monitoring and crypto-clipping. Despite attempts to distribute Styx Stealer via spam campaigns, no real victims have been identified among CPR's clients. This case highlights the importance of operational security for cybercriminals and the significant intelligence gains that can be made from their mistakes.