Cybersecurity researchers at Check Point Research have uncovered a new threat targeting cryptocurrency users known as the Styx Stealer malware. This malicious software uses a technique called clipping to intercept and alter the recipient’s wallet address during transactions, diverting funds to the attacker’s account. Styx Stealer, offered on a rental basis for $75 per month or $350 for a lifetime license, has already been implicated in numerous attacks since its launch in April. It is an evolved version of an older malware variant, Phemedrone Stealer, with enhanced features like new detection evasion tactics and a crypto clipper function. The discovery of Styx Stealer came about when the developer experienced a data leak during debugging, leading to critical insights into its operations. The developer, based in Turkey, accumulated around $9,500 in cryptocurrency payments within the first two months of the malware’s release, traced to eight cryptocurrency wallets.
Styx Stealer primarily exploits a vulnerability in Microsoft Windows Defender that was patched last year, so Windows users with updated systems are safe from this malware, while those who have not updated their systems remain vulnerable. The developer’s website, styxcrypter.com, initially provided detailed information on pricing and product offerings but was altered on August 16 to feature a different product. Purchases were facilitated through Telegram using various cryptocurrencies like Bitcoin and Tether. Check Point Research also identified the developer’s Telegram accounts, email addresses, and phone numbers, providing crucial leads for further investigation. This new threat highlights the persistent risks faced by cryptocurrency users and the importance of staying vigilant against evolving malware tactics.
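The clipping behaviour described above leaves a recognisable trace on the defender's side: a wallet address on the clipboard is replaced by a different address of the same type almost immediately. The sketch below is an added example, not code from Check Point Research or from the malware; the address patterns are simplified, and the two-second window, the function names and the sample readings are all assumptions constructed for illustration.

```python
import re

# Simplified address shapes; assumptions for this example, not from the article.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def address_kind(text):
    """Return the address family if the whole clipboard text is one address."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None


def find_swaps(snapshots, max_gap=2.0):
    """Flag an address replaced by a different one of the same family.

    snapshots: list of (seconds, text) clipboard readings in time order.
    max_gap: a replacement faster than this is treated as automated (assumed).
    """
    alerts = []
    prev_time, prev_text, prev_kind = None, None, None
    for when, text in snapshots:
        kind = address_kind(text)
        value = text.strip()
        if (kind is not None and kind == prev_kind and value != prev_text
                and when - prev_time <= max_gap):
            alerts.append({"at": when, "kind": kind,
                           "copied": prev_text, "now": value})
        prev_time, prev_text, prev_kind = when, value, kind
    return alerts


# Constructed clipboard readings (not real wallet addresses).
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "a1" * 20),   # user copies the recipient address
    (5.3, "0x" + "b2" * 20),   # replaced 0.3 s later: flagged
    (60.0, "1" + "B" * 30),    # user copies a Bitcoin address
    (95.0, "1" + "C" * 30),    # different address 35 s later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The timing heuristic only narrows the search; comparing the pasted address with the intended one before confirming a transfer remains the decisive check.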
A recent report by Chainalysis revealed a decline in overall illicit cryptocurrency transactions in 2024, despite a surge in specific criminal activities within the sector. The mid-year crypto crime update released on August 15 highlighted the increasing prevalence of hacking and ransomware attacks in the crypto space. Two categories, stolen funds through hacking and ransomware attacks, have seen a significant uptick. Hacking incidents have shown a substantial increase in the value of stolen assets, with the cumulative value of stolen cryptocurrencies reaching $1.58 billion by the end of July, an 84% increase compared to the same period in 2023. Even though the number of hacking incidents only went up slightly, the average value stolen per hack surged dramatically, with hackers stealing approximately $266 million in July alone through 16 separate breaches.
The July 18 attack on Indian crypto exchange WazirX stands out as a significant event, accounting for over $230 million, or 86.4%, of the total losses in that month. The report by Chainalysis underscores the evolving landscape of crypto crime and the need for robust security measures to safeguard against cyber threats. While overall illicit cryptocurrency transactions have decreased in 2024, specific types of criminal activities like hacking and ransomware attacks continue to pose significant risks to the sector. As hackers become more sophisticated and target high-value assets, it is crucial for cryptocurrency users and exchanges to enhance their security protocols and stay abreast of emerging threats. By understanding the changing dynamics of crypto crime, stakeholders can better protect themselves and their assets in the digital ecosystem.