Mystic Stealer malware targets dozens of cryptocurrency apps

On hacker forums and dark-web marketplaces, the Mystic Stealer malware for stealing information and cryptocurrency is gaining popularity. This, сообщил a number of cybersecurity researchers.

The malware targets 40 browsers, 21 cryptocurrency apps and 55 specialised browser extensions, 9 applications for multi-factor authentication and password management, and credentials for Steam and Telegram.

Mystic Stealer is capable of attacking computers running all versions of Windows. It minimally impacts infected systems, encrypts its communication with the command-and-control server, and directly sends stolen files to it, which helps it evade detection.

Upon first run, the malware collects information about the operating system and hardware, taking a screenshot. Depending on the instructions received from the operator, the malware targets more specific data stored in browsers and applications.

The creators rent out the malware for $150 a month. They have added an exemption for use in CIS countries, which may indicate the malware’s origin.

Mystic Stealer has been known since April and is actively evolving. The project has a Telegram channel where development news, feature requests, and other current topics are discussed.

Earlier, ForkLog reported that the Pink Drainer group, via phishing and social engineering, stole $2.9 million in the Ethereum, Arbitrum and other networks.