In April of this year, a new type of malicious software that can steal user credentials and other valuable information began to spread online. The malware, called "Mystic Stealer", was discovered and analyzed by cybersecurity experts from Zscaler and Cyfirma.
Mystic Stealer runs on most versions of Windows, from the ancient Windows XP to the latest Windows 11, and supports both 32-bit and 64-bit architectures. The program is distributed on cybercriminal forums under the malware-as-a-service (MaaS) model for $150 per month.
According to a Zscaler report, the infostealer is capable of stealing data from nearly 40 web browsers (including Chrome, Edge, Firefox, Opera, and Vivaldi) and over 70 browser extensions (including Coinbase Wallet, Dashlane, and LastPass). In addition, the malware targets a wide range of cryptocurrency wallets, as well as Steam and Telegram clients.
When launched for the first time, Mystic Stealer collects information about the victim's operating system and hardware, takes a screenshot, and sends this data to the attackers' C2 server. Depending on the instructions it receives in response, the malware then targets a more specific list of data.
Once the malware has determined which information to steal, it packs the data and sends it directly to the attackers, where it is processed and analyzed.
Cyfirma experts have identified more than 50 active C2 servers supporting the infostealer's operation, which indicates the growing prevalence of this threat and the serious intentions of the cybercriminals behind it.
Experts believe that Mystic Stealer is a "very advanced" piece of malware that aligns with current malware trends, focusing on anti-analysis and on bypassing protections. The researchers also warned about the possible risks and consequences of the spread of this kind of software, especially for cryptocurrency holders.
To protect against Mystic Stealer, it is recommended that you use reliable antivirus software, do not open suspicious email attachments or links, and keep your applications and operating system up to date.