Check Point Research recently discovered a new threat targeting cryptocurrency users called the Styx Stealer malware. This malicious software can steal sensitive information, including cryptocurrency, using a technique known as clipping. By intercepting and altering the recipient’s wallet address during transactions, the malware can divert funds to the attacker’s account. Styx Stealer is available for rent through its developer’s website, with prices ranging from $75 per month to $350 for a lifetime license. While the malware is relatively new, it has already been involved in various attacks and has evolved from an older malware variant called Phemedrone Stealer with enhanced features.
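A defensive check against the address substitution described above, as an added example that is not taken from the Check Point research or from this article. It compares the address a user copied with what arrives at paste time. The function names are hypothetical, and the three address formats are an assumption, since the page does not say which coins the clipper targets.

```python
import re

# Shape-only patterns (no checksum validation). The coin formats are an
# assumption for illustration; the article does not list the targeted coins.
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth-hex": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the format name if text is exactly one address, else None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None

def same_address(a, b, kind):
    """Hex addresses may differ only in checksum casing; others must match."""
    if kind == "eth-hex":
        return a.lower() == b.lower()
    return a == b

def check_paste(copied, pasted):
    """Classify a paste as "ok", "substituted" or "changed".

    "substituted" means an address was replaced by a different address,
    which is the pattern a clipper produces.
    """
    src, dst = copied.strip(), pasted.strip()
    src_kind, dst_kind = address_kind(src), address_kind(dst)
    if src_kind is None:
        return "ok" if src == dst else "changed"
    if src_kind == dst_kind and same_address(src, dst, src_kind):
        return "ok"
    return "substituted" if dst_kind is not None else "changed"

if __name__ == "__main__":
    # Constructed sample addresses (not real wallets).
    intended = "0x" + "ab" * 20
    swapped = "0x" + "cd" * 20
    print(check_paste(intended, intended))  # unchanged paste
    print(check_paste(intended, swapped))   # clipper-style replacement
```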
The discovery of Styx Stealer came about unexpectedly when the developer experienced a data leak during debugging, allowing researchers to uncover crucial information about its operations. The developer, based in Turkey, has generated around $9,500 in cryptocurrency payments within the first two months of releasing the malware. The malicious software primarily targets a vulnerability in Microsoft Windows Defender, which has been patched, ensuring that up-to-date systems are not at risk. However, users with outdated operating systems are vulnerable to this malware. The Styx Stealer website was initially used to promote the malware, offering detailed pricing and product information, but it was later altered to feature a different product.
Despite the emergence of threats like Styx Stealer, a recent Chainalysis report revealed a decrease in overall illicit cryptocurrency transactions in 2024. However, specific types of criminal activity within the sector, such as hacking and ransomware attacks, have seen a rise. Funds stolen through hacking and ransomware attacks have increased significantly, with the cumulative value of stolen cryptocurrencies reaching $1.58 billion by the end of July. Although the number of hacking incidents increased only slightly, the average value stolen per hack surged. In July alone, hackers stole approximately $266 million through 16 separate breaches, causing substantial losses in the crypto sector.
One notable attack mentioned in the report is the July 18 attack on Indian crypto exchange WazirX, which accounted for over $230 million in losses. This attack highlights the vulnerability of crypto exchanges and the importance of cybersecurity measures within the industry. While overall illicit cryptocurrency transactions have decreased, the resurgence of hacking activities poses a significant threat to investors and crypto businesses. It is essential for both users and companies to remain vigilant and implement robust security protocols to mitigate the risk of falling victim to malicious actors in the crypto space.
As cyber threats continue to evolve, researchers and cybersecurity experts play a vital role in identifying and combating new malware strains like Styx Stealer. By uncovering critical information about how such malicious software operates, researchers can help raise awareness among users and enhance cybersecurity measures to protect assets in the digital space. Collaboration between industry professionals, law enforcement agencies, and regulatory bodies is crucial in addressing the growing cybersecurity challenges faced by the crypto sector. With a proactive approach to security and ongoing threat intelligence, the industry can strengthen its defenses against emerging threats and safeguard the interests of users and businesses involved in the cryptocurrency ecosystem.