Cybersecurity experts from Check Point Research have revealed a new threat, known as Styx Stealer, that specifically targets cryptocurrency users.
This malware can steal a variety of sensitive information, including digital currencies, through a technique called clipping. This method lets the malware intercept and modify the recipient's wallet address during a transaction, redirecting funds to the hacker's account.
Styx Stealer Available for Rent
The Styx Stealer malware is currently being offered for rent via its developer's website, with subscription costs set at $75 per month or a one-time payment of $350 for a lifetime license.
Launched in April, this malware has already been linked to multiple cyberattacks. Styx Stealer is an evolved version of a previous malware variant called Phemedrone Stealer, featuring new capabilities that include advanced methods to evade detection and a clipping function specifically for cryptocurrency transactions.
The discovery of this malware was unexpected, stemming from a data leak that occurred during the developer's debugging process. This incident allowed researchers to trace the origins and functionality of Styx Stealer.
Investigations revealed that the developer, located in Turkey, managed to gather approximately $9,500 in cryptocurrency payments within just the first two months after launching the malware. These funds were tracked to eight separate cryptocurrency wallets owned by the developer.
Styx Stealer primarily exploits a vulnerability in Microsoft Windows Defender that was patched in the previous year. Users with updated Windows systems are therefore not at risk, but those who have not applied system updates remain exposed to this threat.
The website promoting Styx Stealer, styxcrypter.com, initially provided detailed pricing and product information but was altered on August 16 to advertise a different offering. Transactions were handled via Telegram, utilizing various cryptocurrencies such as Bitcoin and Tether.
Check Point Research has also traced the developer's Telegram accounts, email addresses, and phone numbers, providing crucial information for further investigations.
Drop in Overall Illicit Cryptocurrency Transactions in 2024
A recent report from Chainalysis indicates a decline in the total number of illicit cryptocurrency transactions in 2024, even as certain types of criminal activities within the sector have increased. Released on August 15 as part of an interim report on crypto crime, the findings show that hacking and ransomware incidents are on the rise.
Particularly concerning are the increases seen in two categories: stolen assets via hacking and ransomware attacks. Chainalysis noted a significant uptick in the overall value of stolen assets.
By the end of July, the total value of stolen cryptocurrencies reached a staggering $1.58 billion—an 84% increase compared to the same period in 2023. Although the frequency of hacking incidents rose marginally (2.8% year-over-year), the average amount stolen per hack escalated sharply.
In July alone, hackers were responsible for stealing around $266 million across 16 different breaches, resulting in considerable losses for the cryptocurrency sector. Notably, the attack on the Indian crypto exchange WazirX on July 18 was particularly damaging, accounting for over $230 million, or 86.4%, of that month's total losses.