New Malicious Attack Targets Windows Users to Steal Bitcoin, Ethereum, and Other Cryptocurrencies
A recent report from Check Point Research, first reported by Forbes, raises concerns about a new threat targeting Microsoft Windows users. This sophisticated malware, known as Styx Stealer, is designed to pilfer sensitive data such as browser cookies, security credentials, and messages, with a particular focus on emptying crypto wallets.
The malware, a variant of the Phemedrone Stealer, exploits a vulnerability in Microsoft Windows Defender, allowing it to operate undetected on PCs. Although Microsoft addressed the CVE-2023-36025 vulnerability last year, users must ensure their operating systems are regularly updated to safeguard against such attacks, especially with the imminent end of support for Windows 10 in 2025.
Styx Stealer, associated with the threat actor Fucosreal from the Agent Tesla group, poses a significant risk to users. It can lead to the installation of more harmful software, potentially resulting in ransomware attacks. The malware is available for rent at $75 per month or a lifetime license for $350, making it accessible to cybercriminals.
One of the notable features of Styx Stealer is its ability to engage in crypto theft through a process called crypto-clipping. This function allows the malware to substitute legitimate wallet addresses with those controlled by attackers, enabling them to steal cryptocurrencies during transactions. The malware also employs anti-debugging techniques to evade detection and termination.
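Crypto-clipping as described above works by silently rewriting a wallet address after the user has copied it. The following is an added example of defensive detection logic, not code from Check Point's report or from the malware: it replays constructed clipboard-write events and flags a same-type address swap made moments after the user's own copy by a process outside an assumed allow-list. The address patterns, process names, and the assumption that a clipboard monitor records the writing process are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Simplified wallet-address patterns (constructed for illustration, not exhaustive).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[02-9ac-hj-np-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the coin type if text looks like a wallet address, else None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

@dataclass
class ClipboardEvent:
    ts: float      # seconds since monitoring started
    source: str    # process that wrote the clipboard (assumed to be recorded by the monitor)
    text: str

def detect_clipping(events, trusted=("explorer.exe", "chrome.exe", "firefox.exe"), window=2.0):
    """Flag a wallet address being replaced by a different address of the same type
    within `window` seconds, written by a process not on the trusted allow-list."""
    alerts, last = [], None
    for ev in events:
        coin = classify(ev.text)
        if coin and last is not None:
            prev_coin, prev = last
            if (coin == prev_coin and ev.text.strip() != prev.text.strip()
                    and ev.ts - prev.ts <= window and ev.source not in trusted):
                alerts.append({"ts": ev.ts, "coin": coin, "source": ev.source,
                               "original": prev.text, "replacement": ev.text})
        # Only remember the last clipboard write that was itself an address.
        last = (coin, ev) if coin else None
    return alerts

# Constructed sample timeline: one swap by an unknown process, one legitimate re-copy.
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "chrome.exe", "0x1111111111111111111111111111111111111111"),
    ClipboardEvent(0.3, "svchost32.exe", "0x2222222222222222222222222222222222222222"),
    ClipboardEvent(10.0, "chrome.exe", "hello world"),
    ClipboardEvent(20.0, "chrome.exe", "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ClipboardEvent(20.5, "chrome.exe", "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),
]

if __name__ == "__main__":
    for alert in detect_clipping(SAMPLE_EVENTS):
        print(alert)
```

Only the second event is reported: the user's own re-copy of a different Bitcoin address from a trusted browser process is not treated as a swap.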
Despite its advanced capabilities, a critical error by the malware developer inadvertently exposed crucial information, linking Styx Stealer to the Agent Tesla threat actor. Check Point’s investigation uncovered the actor’s activities in various industries and regions, shedding light on their operations and potential targets.
In response to this emerging threat, users are advised to maintain updated systems and exercise caution when interacting with emails and messages containing suspicious links or attachments. By staying vigilant and implementing cybersecurity best practices, individuals can mitigate the risks posed by Styx Stealer and similar malware targeting crypto assets on Windows platforms.