Styx Stealer, a newly identified malware strain, is quietly targeting Windows systems to steal cryptocurrency. First flagged by cybersecurity firm Check Point Research in April, Styx is a more advanced version of Phemedrone Stealer. The malware exploits a previously patched Windows vulnerability to hijack cryptocurrency transactions and steal sensitive data, including private keys, browser cookies, and autofill data.
Phemedrone emerged earlier in 2024, primarily targeting web browsers to drain cryptocurrency wallets and collect other user data. Both Styx and Phemedrone exploit a flaw in Windows Defender’s SmartScreen feature, which is designed to warn users about potentially harmful websites and downloads.
However, Styx introduces an additional risk through its crypto-clipping feature. This mechanism monitors the clipboard for changes and replaces copied cryptocurrency wallet addresses with ones controlled by the attacker. The Phorpiex botnet had previously used this technique to hijack crypto transactions.
According to Check Point Research, Styx can recognize wallet addresses across 9 blockchains, including Bitcoin, Ethereum, Monero, Ripple, Litecoin, Bitcoin Cash, Stellar, Dash, and Neo. This makes the malware particularly dangerous to users of those cryptocurrencies.
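The clipboard-swap behaviour described above can be detected from the defender's side. The following is an added example, not code from this article or from Check Point Research: it flags a copied wallet address that is replaced by a different address of the same chain moments later. The address patterns are approximate shape heuristics for seven of the nine listed chains (no checksum is verified), and the event format, the 2-second window and all sample values are assumptions constructed for illustration.

```python
import re

# Approximate address shapes (assumptions; these are not checksum validators).
SHAPES = {
    "bitcoin":  re.compile(r"^(bc1[ac-hj-np-z02-9]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "litecoin": re.compile(r"^(ltc1[ac-hj-np-z02-9]{11,71}|[LM][1-9A-HJ-NP-Za-km-z]{26,33})$"),
    "monero":   re.compile(r"^[48][1-9A-HJ-NP-Za-km-z]{94}$"),
    "ripple":   re.compile(r"^r[1-9A-HJ-NP-Za-km-z]{24,34}$"),
    "dash":     re.compile(r"^X[1-9A-HJ-NP-Za-km-z]{33}$"),
    "stellar":  re.compile(r"^G[A-Z2-7]{55}$"),
}

def classify(text):
    """Return the chain whose address shape the text matches, else None."""
    candidate = text.strip()
    for chain, shape in SHAPES.items():
        if shape.match(candidate):
            return chain
    return None

def find_swaps(events, window=2.0):
    """Flag an address replaced by a different same-chain address within `window` seconds."""
    alerts = []
    prev = None  # (time, text, chain) of the previous clipboard change
    for ts, text in events:
        chain = classify(text)
        if (prev and chain and prev[2] == chain
                and text.strip() != prev[1].strip()
                and ts - prev[0] <= window):
            alerts.append({"time": ts, "chain": chain, "copied": prev[1], "now": text})
        prev = (ts, text, chain)
    return alerts

# Constructed clipboard-change events: (seconds since start, clipboard text).
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a" * 40),   # user copies an Ethereum-shaped address
    (10.3, "0x" + "b" * 40),   # different address 0.3 s later: flagged
    (60.0, "1" + "A" * 33),    # user copies a Bitcoin-shaped address
    (95.0, "1" + "B" * 33),    # another one 35 s later: outside the window
    (120.0, "G" + "A" * 55),   # Stellar-shaped address
    (120.5, "hello"),          # replaced by ordinary text: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

A flagged event means the value about to be pasted is not the one that was copied, so the destination address should be re-checked character by character before any transaction is sent.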
Chromium- and Gecko-based browsers, along with data from browser extensions, Telegram, and Discord, are particularly vulnerable. The malware’s builder comes with an autorun feature and a user-friendly interface, making it easier for cybercriminals to customize and deploy.
Styx also employs basic anti-analysis techniques to evade detection. It terminates processes associated with debugging tools and detects virtual machine environments. If a virtual machine is detected, Styx automatically deletes itself.
The malware is distributed and sold manually via the Telegram account @styxencode and the website styxcrypter.com. Check Point Research has uncovered advertisements and YouTube videos promoting the malicious software. At least 54 people have paid the Styx developer around $9,500 in cryptocurrency. Unlike Phemedrone, Styx is available for a monthly fee of $75, $230 for 3 months, or $350 for lifetime access.
The amount of funds stolen or systems infected by Styx remains unknown. Crypto-stealing malware has also been found on macOS, targeting Bitcoin and Exodus wallets. As the crypto sector expands, hacks and thefts have become increasingly lucrative, though a few notorious threat actors have recently shut down operations.