A new and advanced piece of malware called “Styx Stealer” is targeting computers that run Windows. Its main goal is to take over cryptocurrency operations and steal private information. Check Point Research (CPR), a defense company, first discovered Styx Stealer in April 2024. It is a stronger version of the earlier Phemodrone Stealer.
Styx Stealer takes advantage of a newly fixed security hole in Windows and targets Windows Defender, the operating system’s built-in antivirus program. Malware takes advantage of a weakness in Defender’s SmartScreen feature, which keeps users safe from dangerous websites and downloads.
Because of this flaw, Styx Stealer can scan the clipboard for cryptocurrency wallet addresses and swap them with addresses that belong to the attacker. This is called “crypto-clipping.”
The Phorpiex botnet has used this method before to take over cryptocurrency transfers, so it’s not completely new. However, Styx Stealer creates new threats by being able to do more than just crypto-clipping.
Crypto Malware Styx Stealer Exploits Browsers
Malware can get into computers that use Chromium or Gecko and steal information from cookies, browser extensions, and autofill fields. It can also break into messaging apps like Telegram and Discord, which makes it easier for hackers to steal private data.
The builder for Styx Stealer has an auto-run tool and an easy-to-use graphical interface, making it simple for hackers to change and spread the malware. Fears among cybersecurity experts are that even less skilled hackers could easily spread this malware because these tools are so easy to get.
Malware also has simple anti-analysis tools built in to prevent it from being found. It stops processes that are connected to debugging tools and can tell when they are running on a virtual machine. If this kind of environment is found, Styx Stealer deletes itself so that security experts can’t examine it.
Styx Stealer is sold and given away by hand through the website styxcrypter[.]com and the Telegram account @styxencode. CPR has found ads and YouTube movies that promote the malware, which suggests a coordinated effort to market and sell it. Styx Stealer costs $75 monthly, $230 for three months or $350 for life. Its predecessor was free.
According to CPR, at least 54 people have bought Styx Stealer and paid for it with cryptocurrencies like Bitcoin and Litecoin, totaling about $9,500. Even with these results, it’s still unclear how much cryptocurrency was stolen or how many computers were infected by Styx Stealer.
The latest piece of malware to target the growing bitcoin market is Styx Stealer. Kaspersky, an antivirus software company, reported earlier this year that similar malware was aimed at Apple’s macOS and especially at Bitcoin and Exodus wallets by replacing the original software with changed versions.
Hacks and steals are becoming more profitable as the crypto industry grows. Every year, millions of dollars are lost. However, some well-known threat actors suddenly stopped what they were doing. Angel Drainer stopped working last month.
It was a drainer-as-a-service malware that was responsible for over $25 million in thefts. In the same way, the multi-chain crypto scam service Inferno Drainer stopped working in November 2023.
The release of Styx Stealer shows that cybersecurity experts and hackers are still at odds, and it also shows how threats in the cryptocurrency sector are always changing. To keep their funds safe, users are told to keep their systems up to date, be careful when dealing with cryptocurrency, and use advanced security tools.
