In a recent discovery, cybersecurity researchers at CYFIRMA have identified the growing use of a new information stealer called “Mystic Stealer Malware” by hackers. This new threat has been actively advertised in underground forums by the threat actors, who utilize a Telegram channel for their operations.
During the OSINT (Open-Source Intelligence) investigation, more than 50 active Command and Control (C2) servers were detected. This alarming number indicates the rapid growth and widespread adoption of this malware by hackers.
Introduced in late April 2023, Mystic Stealer made its first appearance in renowned underground forums. It quickly gained attention due to its exceptional features, robust capabilities, and competitive pricing. Forum members were invited to test the information stealer, and based on their feedback, the developers continuously updated and enhanced the malicious software.
One key aspect of Mystic Stealer is its ability to evade antivirus detection. By utilizing code manipulation techniques, the malware achieves a remarkably low detection rate according to antivirus checks. This poses a significant challenge for organizations relying solely on traditional antivirus solutions to protect their systems.
The pricing structure for Mystic Stealer subscriptions has also been disclosed. A single-month subscription costs $150, while a three-month subscription is priced at $390. It is worth noting that Mystic Stealer is designed to target all Windows versions and is compatible with both x86 and x64 platforms. This means that a wide range of systems, including Windows XP, Windows 7, and even the latest Windows 11, can be compromised by this malware.
Researchers have also found that, to keep its operations stealthy, Mystic Stealer runs entirely within the computer’s memory and relies on system calls to compromise targets. Because nothing is written to the hard drive, this technique leaves no evidence behind on disk, making it difficult for investigators to trace the attacker’s activities.
Mystic Stealer possesses a wide range of capabilities, making it even more dangerous. It can steal passwords, cookies, autofill data, credit card details, and browsing history from popular browsers like Mozilla and Chromium. Over 70 cryptocurrency wallet extensions are supported, and the malware can even collect Outlook passwords, gather system information, and take screenshots.
The intended targets of Mystic Stealer primarily include companies that handle sensitive data such as personally identifiable information (PII), financial records, and intellectual property. Industries like healthcare, finance, and technology are particularly at risk due to the high value associated with the data they possess. Additionally, users engaged in cryptocurrency transactions are also targeted by this information stealer.
In light of this emerging threat, several recommendations have been made to protect organizations and individuals. Implementing robust security measures is essential, as is the practice of threat intelligence and monitoring. Regular employee training and awareness about current threats and necessary security measures are also advised. It is crucial to have an incident response and recovery plan in place to mitigate potential damage in the event of an attack.
The rise of Mystic Stealer Malware showcases the ever-evolving and sophisticated nature of cyber threats. As hackers continue to develop and enhance these information stealers, organizations must remain vigilant and adopt comprehensive security measures to safeguard their sensitive data.
