Cybersecurity researchers at Check Point Research have uncovered a new threat targeting cryptocurrency users, dubbed the Styx Stealer malware.
The malicious software is capable of stealing a wide range of sensitive information, including cryptocurrency, by employing a technique known as clipping.
This method allows the malware to intercept and alter the recipient’s wallet address during transactions, diverting funds to the attacker’s account.
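A defender-side heuristic for the clipping behaviour described above, as an added example that is not taken from the article or from Check Point's research. It assumes the address swap happens through the clipboard and that a timestamped clipboard history is available; the event format, the one-second window and every address below are constructed for illustration.

```python
import re

# Address shapes only (no checksum validation): enough to tell
# "wallet-like" clipboard text from anything else.
PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{39,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text):
    """Return the address family a clipboard string looks like, or None."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(events, window=1.0):
    """Flag clipboard changes where one wallet-like value replaces a different
    one of the same family within `window` seconds. The window is an assumed
    threshold: shorter than a person needs to copy a second address."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        kind = wallet_kind(old)
        same_family = kind is not None and kind == wallet_kind(new)
        if same_family and old.strip() != new.strip() and t1 - t0 <= window:
            alerts.append({"time": t1, "kind": kind,
                           "copied": old, "replaced_by": new})
    return alerts

# Constructed clipboard history: (seconds, clipboard text).
# All addresses are made-up placeholders, not real wallets.
SAMPLE_EVENTS = [
    (0.0, "invoice 4471"),
    (5.2, "0x" + "a1" * 20),   # user copies the payee's address
    (5.3, "0x" + "b2" * 20),   # a different address appears 0.1 s later
    (60.0, "1" + "A" * 30),    # user copies a Bitcoin-style address
    (95.0, "1" + "B" * 30),    # another one 35 s later: ordinary re-copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works manually: check the pasted address against the one that was copied before confirming a transfer.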
Styx Stealer Offered on Rental Basis
Styx Stealer is being offered on a rental basis through its developer’s website, with prices set at $75 per month or $350 for a lifetime license.
Initially launched in April, the malware has already been implicated in numerous attacks.
Notably, it is derived from an older malware variant known as Phemedrone Stealer, but with enhanced features including new detection evasion tactics and the addition of a crypto clipper function.
The malware’s discovery came about unexpectedly when the developer experienced a data leak during debugging.
The incident allowed researchers to trace the origins of Styx Stealer and uncover critical information about its operations.
It was revealed that the developer, based in Turkey, had amassed approximately $9,500 in cryptocurrency payments within the first two months of the malware’s release.
These payments were tracked to eight cryptocurrency wallets linked to the developer.
Styx Stealer primarily exploits a vulnerability in Microsoft Windows Defender, which was patched last year.
As a result, Windows users with up-to-date systems are not at risk.
However, those who have not updated their systems remain vulnerable to this malware.
The website promoting Styx Stealer, styxcrypter.com, initially featured detailed pricing and product information but was altered on August 16 to showcase a different product.
Purchases were facilitated through Telegram using various cryptocurrencies, including Bitcoin and Tether.
Check Point Research has also identified the developer’s Telegram accounts, email addresses, and phone numbers, providing critical leads for further investigation.
Overall Illicit Crypto Transactions Drop in 2024
A recent Chainalysis report revealed a decline in overall illicit cryptocurrency transactions in 2024, even as specific types of criminal activities within the sector surged.
Released on August 15 as part of the mid-year crypto crime update, the report found that hacking and ransomware attacks were becoming increasingly prevalent.
Two categories, in particular – stolen funds through hacking and ransomware attacks – have seen an uptick.
Of particular concern is the resurgence of hacking in 2024. Chainalysis noted a substantial increase in the value of stolen assets.
By the end of July, the cumulative value of stolen cryptocurrencies had reached $1.58 billion – an 84% increase compared to the same period in 2023.
While the number of hacking incidents only increased slightly (2.8% year-over-year), the average value stolen per hack surged dramatically.
In July alone, hackers stole approximately $266 million through 16 separate breaches, dealing the crypto sector substantial losses.
The July 18 attack on Indian crypto exchange WazirX stands out. This attack alone accounted for over $230 million, or 86.4%, of the month’s total losses.