A couple of research groups have posted reports on the new Mystic Stealer malware that has recently been spreading across the cybersecurity landscape. This surging information stealer emerged on several underground forums in April 2023.
Since then, it has gained traction among several malicious groups, undergone trials, and incorporated their feedback. New investigations by multiple threat analysts have shown that the new infostealer could allow actors to make their attacks more efficient. In addition, researchers have noticed a rising number of command-and-control panels associated with the malware.
Malicious groups have taken a liking to Mystic Stealer since it could target various apps and platforms.
Based on these investigations, the new Mystic Stealer malware could target various apps and platforms, such as web browsers, browser extensions, crypto apps, MFA tools, and password management tools. Additionally, the infostealer could target about 55 cryptocurrency browser extensions, as well as Steam and Telegram credentials.
Researchers stated that the infostealer could harvest auto-fill data, arbitrary files, cookies, browsing history, and information associated with various cryptocurrency wallets, such as DashCore, Exodus, and Bitcoin.
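Because the stealer reads browser credential, cookie and history stores directly, one defensive signal is a process that is not a browser opening those files. The script below is an added illustration, not code from the article or from the researchers it cites; it runs a simple allowlist heuristic over a handful of constructed file-access log lines. The log format, the Chromium-style file names under a "User Data" profile folder, and the browser allowlist are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional

# Assumption: Chromium-family browsers keep credentials, cookies, form data and
# history in SQLite files with these names under a "User Data" profile folder.
SENSITIVE_STORES = {"login data", "cookies", "history", "web data"}

# Assumption: only these image names are expected to open those stores.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}

# Constructed log format for this example (not any real product's format):
# <timestamp> pid=<n> image="<full path>" op=<verb> path="<file>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+image="(?P<image>[^"]+)"\s+'
    r'op=(?P<op>\w+)\s+path="(?P<path>[^"]+)"$'
)


@dataclass(frozen=True)
class Alert:
    ts: str
    pid: int
    image: str
    path: str


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_sensitive_store(path: str) -> bool:
    """True when the file is a browser data store inside a 'User Data' profile."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    return p.name.lower() in SENSITIVE_STORES and "user data" in parts


def detect(lines: Iterable[str]) -> List[Alert]:
    """Flag read operations on browser stores by processes that are not browsers."""
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["op"].lower() != "read":
            continue  # skip malformed lines and non-read operations
        if not is_sensitive_store(rec["path"]):
            continue
        image_name = PureWindowsPath(rec["image"]).name.lower()
        if image_name in BROWSER_IMAGES:
            continue  # a browser reading its own store is expected
        alerts.append(Alert(rec["ts"], int(rec["pid"]), rec["image"], rec["path"]))
    return alerts


def summarize(alerts: Iterable[Alert]) -> Dict[str, int]:
    """Count alerts per offending process image."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.image] = counts.get(a.image, 0) + 1
    return counts


# Constructed sample log: one benign browser read, two suspicious reads by a
# binary dropped in Temp, one unrelated read, one write, and one malformed line.
SAMPLE_LOG = [
    r'2023-06-20T10:01:02Z pid=4120 image="C:\Program Files\Google\Chrome\Application\chrome.exe" op=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'2023-06-20T10:03:11Z pid=5588 image="C:\Users\alice\AppData\Local\Temp\update.exe" op=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'2023-06-20T10:03:12Z pid=5588 image="C:\Users\alice\AppData\Local\Temp\update.exe" op=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"',
    r'2023-06-20T10:03:13Z pid=5588 image="C:\Users\alice\AppData\Local\Temp\update.exe" op=read path="C:\Users\alice\Documents\notes.txt"',
    r'2023-06-20T10:03:14Z pid=5588 image="C:\Users\alice\AppData\Local\Temp\update.exe" op=write path="C:\Users\alice\AppData\Local\Temp\out.bin"',
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert.ts} pid={alert.pid} {alert.image} read {alert.path}")
    print(summarize(detect(SAMPLE_LOG)))
```

The allowlist is deliberately narrow: any legitimate tool that touches browser profiles (backup agents, migration utilities) will show up and needs to be added to it, which is the usual tuning step for a heuristic of this kind.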
The malware operators also run a Telegram channel called Mystic Stealer News. The channel hosts discussions on development updates and other relevant issues.
Experts claimed that Mystic Stealer is compatible with all Windows versions on both 32-bit and 64-bit architectures. Furthermore, it runs in memory; hence, it could minimise its presence on compromised systems and bypass AV detection.
The malware could also perform anti-virtualisation checks and inspect CPUID details to avoid running in sandboxed environments.
The malware also includes a loader feature to retrieve additional payloads from command-and-control servers. It communicates with the C2 servers through a binary protocol over TCP and exfiltrates stolen data directly to the server. This approach is unusual for information stealer malware and could aid evasion.
Researchers believe that the future of the Mystic Stealer malware in the cybersecurity landscape remains a mystery. As of now, it operates as an illicit malware-as-a-service (MaaS) project. Its appearance poses a significant threat to numerous users and organisations. Therefore, everyone needs to be cautious about downloading software from the internet.