- A malware called Styx Stealer has emerged that manipulates crypto transactions made from Windows systems.
- It switches recipient wallet addresses with those of bad actors, routing crypto to cybercriminals.
A new malware, called Styx Stealer, was identified by cybersecurity solution provider and researcher Check Point. It affects Windows systems not updated with the latest Windows software and can successfully manipulate crypto transactions with its ‘crypto-clipper’ function.
Styx Stealer capitalizes on a vulnerability in Windows Defender from 2023, so devices that have not applied the patch released for that issue remain susceptible to bad actors using this tool. Its crypto-clipper monitors the device’s clipboard for copied wallet addresses. Users often copy their counterparty’s address and paste it into a wallet application to initiate a transaction. Styx Stealer replaces the address the user wants to transfer funds to with an address belonging to bad actors. Thus, it alters the transaction and routes crypto to wallets that users do not intend to interact with.
“The crypto-clipper functionality makes Styx Stealer capable of stealing crypto currency during a transaction, by substituting the original wallet address saved in the clipboard with the attacker’s wallet address,” said Check Point. “The persistence mechanism ensures that the malware remains active on the victim’s system even after a reboot, allowing the crypto-clipper to operate continuously, and increasing the chances of successful cryptocurrency theft.”
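The substitution described above leaves a recognizable trace in clipboard telemetry: a wallet address is overwritten almost immediately by a different address of the same format, written by another process. The following detection sketch is an added example, not code from Check Point or from the malware; the event record, the process names, the two-second window, and the choice of Bitcoin and Ethereum address shapes are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Address *shapes* only (no checksum validation); BTC and ETH are assumed examples.
PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

@dataclass
class ClipEvent:          # hypothetical telemetry record, not a real EDR schema
    ts: float             # seconds since start of capture
    source: str           # process that wrote to the clipboard
    text: str             # clipboard contents after the write

def address_kind(text):
    """Return 'btc' / 'eth' if text looks like a wallet address, else None."""
    candidate = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag an address overwritten within `window` seconds by a different
    address of the same kind, written by a different process."""
    alerts, prev = [], None
    for ev in sorted(events, key=lambda e: e.ts):
        kind = address_kind(ev.text)
        if (prev is not None and kind is not None
                and kind == address_kind(prev.text)
                and ev.text.strip() != prev.text.strip()
                and ev.source != prev.source
                and ev.ts - prev.ts <= window):
            alerts.append((prev, ev))
        prev = ev
    return alerts

# Constructed sample events; addresses are filler characters, not real wallets.
SAMPLE = [
    ClipEvent(10.0, "browser.exe", "0x" + "a" * 40),   # user copies an address
    ClipEvent(10.3, "unknown.exe", "0x" + "b" * 40),   # overwritten 0.3 s later
    ClipEvent(50.0, "browser.exe", "meeting notes"),
    ClipEvent(60.0, "browser.exe", "1" + "B" * 30),
    ClipEvent(90.0, "browser.exe", "1" + "C" * 30),    # same process, 30 s apart
]

if __name__ == "__main__":
    for before, after in find_swaps(SAMPLE):
        print(f"{after.ts:.1f}s {after.source}: {before.text} -> {after.text}")
```

Only the 10.3 s write is flagged; the later Bitcoin-shaped copies come from the same process and are 30 seconds apart, which matches a user copying a second address.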
Styx Stealer is an updated version of an older malware, Phemedrone Stealer, which stole crypto wallet data, saved passwords, cookies, auto-fill data, and more. The updated version includes features like the crypto-clipper and improved detection evasion techniques. Details of how Styx Stealer works came to light because its developer experienced a data leak.
Styx Stealer Has Generated $9,500 In Sales in the Two Months Since Its Launch
The developer charges customers for using the software. It comes with subscription fees, ranging from $75 for monthly licenses to $350 for lifetime licenses. The developer has received at least $9,500 in cryptocurrency payments for the software, across eight wallets from 54 customers, in just two months since this venture began. Customers arrange these transactions by contacting the developer on Telegram via the handle @Styxencode.