Styx Stealer developer error reveals a vast network of cybercriminals.
Researchers at Check Point Research (CPR) have discovered a new malicious software product called Styx Stealer, which is capable of stealing browser data, Telegram and Discord messenger sessions, as well as cryptocurrency. Despite its recent appearance, this virus has already been seen in attacks, including those aimed at the company's customers.
Styx Stealer developer was linked to one of the threat groups behind the Agent Tesla malware, known under the pseudonym Fucosreal. This attacker participated in a spam campaign that also targeted the company's customers. In the process of debugging Styx Stealer, the developer made a serious mistake and disclosed data from his computer, which allowed researchers to obtain a significant amount of information, including customer data, profit, as well as contact details of other participants in cybercrime.
Styx Stealer was created based on an earlier version of another well-known virus, Phemedrone Stealer, which became widely known after exploiting a vulnerability in Windows Defender SmartScreen in early 2024. Phemedrone was initially available on GitHub, but later it was removed, which led to the appearance of various modifications, one of which was Styx Stealer. This malicious software is sold through the styxcrypter website[.]com and includes features for auto-starting, clipboard monitoring, and analysis protection.
CPR found that the Styx Stealer developer also created and used Telegram bots to transmit stolen data. During the investigation, it was revealed that the creator of Styx Stealer actively interacted with another cybercriminal, known under the pseudonym Mack_Sant, who provided him with a token for use in Styx Stealer.
Additional information obtained during the investigation revealed that Styx Stealer was used in attacks on companies from various industrial sectors, including diamond, metallurgy and others. However, despite active attempts to spread malware, the researchers managed to prevent damage to customers.
This case is a prime example of how even experienced cybercriminals can make mistakes that reveal their identities and plans. As a result of an error by the Styx Stealer developer, Check Point Research was able to obtain important data that will help in the fight against cyber threats and protect companies from such attacks.
Source
Researchers at Check Point Research (CPR) have discovered a new malicious software product called Styx Stealer, which is capable of stealing browser data, Telegram and Discord messenger sessions, as well as cryptocurrency. Despite its recent appearance, this virus has already been seen in attacks, including those aimed at the company's customers.
Styx Stealer developer was linked to one of the threat groups behind the Agent Tesla malware, known under the pseudonym Fucosreal. This attacker participated in a spam campaign that also targeted the company's customers. In the process of debugging Styx Stealer, the developer made a serious mistake and disclosed data from his computer, which allowed researchers to obtain a significant amount of information, including customer data, profit, as well as contact details of other participants in cybercrime.
Styx Stealer was created based on an earlier version of another well-known virus, Phemedrone Stealer, which became widely known after exploiting a vulnerability in Windows Defender SmartScreen in early 2024. Phemedrone was initially available on GitHub, but later it was removed, which led to the appearance of various modifications, one of which was Styx Stealer. This malicious software is sold through the styxcrypter website[.]com and includes features for auto-starting, clipboard monitoring, and analysis protection.
CPR found that the Styx Stealer developer also created and used Telegram bots to transmit stolen data. During the investigation, it was revealed that the creator of Styx Stealer actively interacted with another cybercriminal, known under the pseudonym Mack_Sant, who provided him with a token for use in Styx Stealer.
Additional information obtained during the investigation revealed that Styx Stealer was used in attacks on companies from various industrial sectors, including diamond, metallurgy and others. However, despite active attempts to spread malware, the researchers managed to prevent damage to customers.
This case is a prime example of how even experienced cybercriminals can make mistakes that reveal their identities and plans. As a result of an error by the Styx Stealer developer, Check Point Research was able to obtain important data that will help in the fight against cyber threats and protect companies from such attacks.
Source
