Mystic Stealer is Leveraging 70 Web Browsers to Hack Crypto Data

Cryptocurrency sector has become seriously appealing to hackers because of its decentralized nature. A joint report co-hosted by cybersecurity firms, Zscaler and InQuest, sheds light on the rising prominence of an information-theft malware dubbed ‘Mystic Stealer.’ It was posted for sale on hacking forums for a monthly subscription of $150 or a quarterly subscription of $390.

Mystic Stealer Can Attack a Wide Range of Crypto Wallets

According to the report, it can attack cryptocurrency wallets, emails and more while also being able to collect host names, user names and globally unique identifiers (GUID). Espionage-focused threat groups too are using the malware to steal data from target networks. Mystic Stealer can target Microsoft Windows operating systems ranging from XP to 11.

The blog post highlights that, “Key Mystic Stealer functions include its ability to extract data from web browsers and cryptocurrency wallets. Like many stealers, it collects auto-fill data, browsing history, arbitrary files, cookies, and information related to cryptocurrency wallets. Whether it’s Bitcoin, DashCore, Exodus, or any other popular crypto wallet, Mystic Stealer has it covered.”

Mystic Stealer targets around 70 web browsers to extract crypto related data. Moreover, it is capable of carrying out attacks on a wide range of crypto wallets as mentioned above. Bleeping Computer, a technology news provider who first covered the news, wrote that “Although the future of Mystic Stealer is still in debate, considering the volatile nature of illegal MaaS projects, its emergence signals elevated risk for users and organizations.”

Regulators Are Trying to Mitigate Crypto-Related Risks

Hackers are going places in the crypto industry. A few days ago, a United Kingdom citizen told The Guardian, a British daily newspaper, she lost over $76 Million in an investment scam on social media. Artificial intelligence (AI) has made it easy for almost everyone to deploy a code to create a crypto token considering AI bots like ChatGPT can provide a whole structure of a website on user’s command.

In December 2022, Forbes reported attackers are using malwares for crypto mining. The month saw the release of Marvel Cinematic Universe (MCU) blockbuster Spider Man: No Way Home. As users rushed towards torrent websites to download the movie for free, hackers simply deployed the malware in No Way Home torrents, which eventually started the mining process upon download.

Leading cybersecurity firm KasperSky reported in March 2023 that Trojanized Tor browsers were targeting Russians and Eastern Europeans using a clipboard-hijacking malware to steal cryptocurrencies. Recently, North Korean hackers stole around $100 Million from Atomic Wallet, a non-custodial crypto wallet. Report shows nearly 5,500 accounts were compromised.

Regulators across the globe are coming up with laws to tackle similar issues. Janet Yellen, Treasury Chief, recently said during a CNBC interview that she sees “holes in the current system.” Moreover, the department identified potential risks associated with crypto assets during their contribution towards President Biden’s Executive Order in March 2022.

Anurag

Source: https://www.thecoinrepublic.com/2023/06/20/mystic-stealer-is-leveraging-70-web-browsers-to-hack-crypto-data/