Cryptotimes

In April, cybersecurity company Check Point Research identified Styx as a more robust variant of Phemodrone Stealer


In April, cybersecurity company Check Point Research identified Styx as a more robust variant of Phemodrone Stealer.
This malware took advantage of a Windows vulnerability that has since been patched, allowing it to intercept cryptocurrency transactions and extract sensitive information from affected systems, including private keys, browser cookies, and autofill data.

In early 2024, Phemodrone attracted attention for its ability to target web browsers, extracting cryptocurrency from wallets and collecting other sensitive data.

Both Phemodrone and Styx Stealer take advantage of a vulnerability in Windows Defender, the operating system's built-in antivirus, by exploiting an outdated flaw in the SmartScreen feature, which is designed to warn users about potentially harmful websites and downloads.

Styx, however, poses even greater risks due to its crypto-clipping capability. This feature enables the malware to monitor clipboard activity and replace copied cryptocurrency wallet addresses with those belonging to the attacker.

Styx employs essential anti-analysis techniques to hide its operations. To evade detection, it terminates processes associated with debugging tools and recognizes virtual machine environments. When it identifies such an environment, Styx Stealer initiates a self-deletion sequence.

 

Accessible via Telegram  
The distribution and sale of the malware are conducted manually through the Telegram account @styxencode and the website styxcrypter[.]com. CPR has also identified advertisements and YouTube videos promoting this malicious software.

At least 54 individuals have sent the Styx developer around $9,500 in various cryptocurrencies, including Bitcoin and Litecoin. In contrast to its predecessor, which was offered for free, this malware is available for a monthly fee of $75, $230 for three months, and $350 for lifetime access.

The total amount of cryptocurrency stolen or the extent of systems compromised by Styx remains uncertain.

Earlier this year, antivirus company Kaspersky reported the discovery of crypto-stealing malware on Apple’s MacOS. This malware specifically targeted Bitcoin and Exodus wallets by substituting the legitimate software with a modified version.

As the cryptocurrency sector continues to grow, hacks and thefts have proven to be highly lucrative, resulting in millions of dollars lost each year. However, some notorious cybercriminals have chosen to cease their activities.

Last month, Angel Drainer, a malware service linked to over $25 million in thefts, ceased operations. Additionally, in November, the multi-chain crypto scam service Inferno Drainer also shut down its services.

Comments

Sm,kamel

One of the most important signs that your computer operating system is infected with this malware is what I am writing below.
1- Reducing the speed of simple operations that are completely smooth in normal mode.
2- The device turns off and on automatically
3- The main programs do not run

If you see any of the above, see an operating system specialist

Other content