Mystic Stealer: the malware that is shaking up the market for browsers and web extensions, here’s what we know


Camille Coirault

June 24, 2023 at 4:30 p.m.


Mystic Stealer is a piece of malware that is currently rocking the web. Capable of stealing sensitive data directly from browsers and web extensions, it is a cause for concern. Here’s what you need to know.

Its name almost breathes poetry, but its goal is not to recite verses to you. Recently discovered, Mystic Stealer can steal your data from 40 web browsers and over 70 different extensions. This information-stealing malware is seriously alarming.

Sophisticated malware with anti-analysis mechanisms

First announced on April 25, 2023, Mystic Stealer is sold to budding hackers for $150 a month. The malware is particularly effective at targeting Steam wallets, Telegram and even cryptocurrency wallets.

Rather intelligently coded, it uses complex defense mechanisms that allow it to slip past common analyses. Researchers from Zscaler and InQuest said last week that the code of this malware is rather complex. Relying on polymorphic string obfuscation (a technique that makes a program's code more difficult to analyze) and other techniques that make its behavior difficult to predict, Mystic Stealer is already very effective.


The evolution of information-stealing malware

The latest update to the malware, dated May 2023, allows it to retrieve data and instructions carried by a specific program. This set of data, called a “payload”, contains very sensitive information: instructions for data theft or file corruption, login credentials or financial data, for example.

These payloads are then downloaded from a command and control (C2) server for direct use by hackers. Communication with the C2 servers uses a custom binary protocol over TCP, a transport protocol widely used in computer networks. So far, 50 operational C2 servers have been identified. This allows malware buyers to access data logs and other confidential configurations.

This kind of malware can be bought in a few clicks on the underground market. This ease of access highlights the importance of these tools in cybercrime campaigns. Mystic Stealer can clearly be used as a starting point for data collection and allow easy initial access to various targeted environments. As this malware becomes more sophisticated, it is essential that reliable security solutions are more easily accessible to all users. Vigilance alone is not enough.

Source: The Hacker News, Cyfirma


