How Styx Stealer Malware Steals Crypto Transactions

Windows Users Beware: Styx Stealer Malware Can Clip Your Crypto Transactions

The Styx Stealer Malware: A New Threat to Crypto Users

Cybersecurity researchers at Check Point Research have recently uncovered a new threat targeting cryptocurrency users, known as the Styx Stealer malware. This malicious software is capable of stealing sensitive information, including cryptocurrency, through a technique called clipping. By intercepting and altering the recipient’s wallet address during transactions, the malware can redirect funds to the attacker’s account.
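From the defender's side, the clipping behaviour described above shows up as one wallet address in the clipboard being replaced by a different address of the same type moments after it was copied. The Python below is an added example, not code from Check Point's report or from the malware; the address patterns, the two-second window and the sample clipboard snapshots are constructed assumptions.

```python
import re

# Address shapes for classification only (format match, no checksum validation).
# Which coins to watch is an assumption of this example, not a list from the report.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text):
    """Return the address kind if the clipboard text is a lone wallet address."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


def find_swaps(snapshots, window=2.0):
    """Flag an address replaced by a different one of the same kind within `window` seconds.

    snapshots: time-ordered list of (seconds, clipboard_text) from a clipboard poller.
    """
    alerts = []
    prev = None  # (first_seen, kind, address) of the last address observed
    for ts, text in snapshots:
        kind = classify(text)
        if kind is None:
            prev = None  # non-address content breaks the copy/replace sequence
            continue
        addr = text.strip().lower() if kind == "eth" else text.strip()
        if prev and prev[2] == addr:
            continue  # same address seen again: keep its first-seen time
        if prev and prev[1] == kind and ts - prev[0] <= window:
            alerts.append({"at": ts, "kind": kind, "copied": prev[2], "now": addr})
        prev = (ts, kind, addr)
    return alerts


# Constructed sample data: placeholder addresses, not real wallets.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "b2" * 20
BTC_A, BTC_B = "1" + "A1b2" * 8, "1" + "C3d4" * 8
SAMPLE = [(0.0, "meeting notes"), (10.0, ETH_A), (10.3, ETH_B),
          (60.0, BTC_A), (95.0, BTC_B)]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("possible clipper:", alert)
```

Only the Ethereum pair is flagged: the second address arrives 0.3 seconds after the first, while the two Bitcoin addresses are 35 seconds apart and look like ordinary user copies.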

Styx Stealer Offered on Rental Basis

The Styx Stealer malware is available for rent on the developer’s website, with prices set at $75 per month or $350 for a lifetime license. Despite being launched in April, the malware has already been implicated in numerous attacks. It is derived from an older malware variant called Phemedrone Stealer, but with added features such as detection evasion tactics and a crypto clipper function.

The discovery of the Styx Stealer malware occurred unexpectedly when the developer faced a data leak while debugging. This incident allowed researchers to trace the origins of the malware and revealed that the developer, based in Turkey, had accrued around $9,500 in cryptocurrency payments within the first two months of its release. The payments were traced to eight cryptocurrency wallets linked to the developer.

Styx Stealer primarily exploits a vulnerability in Microsoft Windows Defender, which was patched last year. Users with up-to-date systems are safe, but those who have not updated remain vulnerable. The website promoting Styx Stealer, styxcrypter.com, previously displayed detailed pricing and product information but was altered on August 16 to showcase a different product.

Purchases were facilitated through Telegram using various cryptocurrencies like Bitcoin and Tether. Check Point Research identified the developer’s Telegram accounts, email addresses, and phone numbers, providing crucial leads for further investigation.

Overall Decline in Illicit Crypto Transactions in 2024

A recent Chainalysis report highlighted a decrease in overall illicit cryptocurrency transactions in 2024, even as certain criminal activities within the sector surged. The mid-year crypto crime update revealed a rise in funds stolen through hacking and in ransomware attacks.

Of concern is the resurgence of hacking in 2024, with a significant increase in the value of stolen assets. By the end of July, the total value of stolen cryptocurrencies reached $1.58 billion, an 84% rise compared to the same period in 2023. Although the number of hacking incidents only slightly increased (2.8% year-over-year), the average value stolen per hack surged dramatically.

In July alone, hackers stole approximately $266 million through 16 separate breaches, resulting in significant losses for the crypto sector. The attack on Indian crypto exchange WazirX on July 18 stood out, accounting for over $230 million, or 86.4%, of the month’s total losses.