Cybersecurity researchers at Check Point Research have uncovered a new threat targeting cryptocurrency users called the Styx Stealer malware. This malicious software is capable of stealing sensitive information, including cryptocurrency, using a technique known as clipping. By intercepting and altering the recipient’s wallet address during transactions, funds are diverted to the attacker’s account. Styx Stealer is being offered on a rental basis through its developer’s website with prices set at $75 per month or $350 for a lifetime license. The malware, derived from an older variant called Phemedrone Stealer, features new detection evasion tactics and a crypto clipper function.
The discovery of Styx Stealer came about unexpectedly when the developer experienced a data leak during debugging, allowing researchers to trace its origins and operations. The developer, based in Turkey, had collected approximately $9,500 in cryptocurrency payments within the first two months of the malware’s release. Payments were tracked to eight cryptocurrency wallets linked to the developer. Styx Stealer primarily exploits a vulnerability in Microsoft Windows Defender, which was patched last year. Windows users with updated systems are not at risk, but those with outdated systems remain vulnerable. The developer’s website, styxcrypter.com, initially showcased detailed pricing and product information but was recently altered to feature a different product.
A recent Chainalysis report revealed a decline in overall illicit cryptocurrency transactions in 2024, despite certain types of criminal activities within the sector surging. Hacking and ransomware attacks have become increasingly prevalent, with stolen funds from these activities seeing a significant increase. The value of stolen cryptocurrencies reached $1.58 billion by the end of July, an 84% increase compared to the same period in 2023. While the number of hacking incidents only slightly increased by 2.8% year-over-year, the average value stolen per hack surged dramatically. In July alone, hackers stole approximately $266 million through 16 separate breaches, leading to substantial losses in the crypto sector.
The July 18 attack on Indian crypto exchange WazirX was particularly notable as it accounted for over $230 million or 86.4% of the total losses for the month. Chainalysis’ mid-year crypto crime update identified a resurgence of hacking in 2024, highlighting the growing threat to the industry. The report provides insights into the evolving landscape of illicit cryptocurrency activities and the need for enhanced cybersecurity measures to protect users and platforms. Overall, the decline in illicit transactions is a positive development, but the rise in hacking incidents underscores the importance of remaining vigilant and proactive in addressing cybersecurity threats within the crypto sector.
Check Point Research’s identification of Styx Stealer and the insights provided by the Chainalysis report contribute to a better understanding of the challenges facing the cryptocurrency industry in terms of cybersecurity. As the sector continues to evolve and attract more users, the risks associated with malicious actors targeting valuable assets increase. It is essential for users, platforms, and regulators to collaborate in implementing robust security measures to mitigate these risks and ensure the safe and secure operation of the digital asset ecosystem. By staying informed and proactive in addressing threats, the industry can work towards a more secure and resilient future for cryptocurrency users and stakeholders.
