Topic: Warning: Styx - another crypto wallet stealer (Read 294 times)

legendary
Activity: 2744
Merit: 1878
Rollbit.com | #1 Solana Casino
September 03, 2024, 01:35:51 PM
#22

Use premium dual antivirus with better protection from all kinds of phishing attacks and other malicious links.
It must always be up to date for device security, and do not let your guard down in the slightest; I have always applied this to this day.


This stealer is currently being sold on the dark net for rent for only 75 bucks. It has improved protection from detection, and hackers have added the ability to replace the wallet number during a transaction. Previously, it penetrated systems when a hole was discovered in Windows Defender, that is, in the local Windows "antivirus". I will not say for sure, but I am afraid that it will also be able to bypass all other antiviruses.

Who should worry? Windows users who do not bother updating the system or who use Windows without a license and therefore do not have normal updates.
-snip-
Yes, that's a concern for all Windows users right now, but there's already an update for the Windows Defender vulnerability and a few more updates related to an exploit that affected IPv6 users, the Windows TCP/IP Remote Code Execution Vulnerability.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38063

Windows users or other OS users should also be concerned about the security of the crypto wallet they are installing. I am also aware that some new loopholes may be found again, but I also need to be prepared with the security that I implement myself: offline devices, no pirated apps, and everything must be licensed.
sr. member
Activity: 350
Merit: 265
Catalog Websites
September 03, 2024, 04:58:25 AM
#21
I am guessing that the software is capable of stealing browser passwords. People shouldn't save their passwords in browsers anyway. There have been password stealers capable of stealing this data for a decade now, in various forms. It's a good idea to have a separate computer for your crypto and/or financials and not engage with those activities on the everyday computer you use for browsing the internet. The cookie hijacking feature is a real threat. I wonder if 2FA protects against cookie hijacking?!
First of all, you are right; I also think it is a bad idea to save passwords in browsers because they can be stolen easily. And it is surprising that people still do it even though there have been many password-stealing viruses on the market. Using a separate computer for important things like money and crypto is a good idea. The cookie hijacking feature is very dangerous because it can get into accounts even with strong passwords. So it is very important to use extra security like special browser protection and antivirus software to stay safe online.
hero member
Activity: 2632
Merit: 833
September 03, 2024, 02:40:55 AM
#20

Use premium dual antivirus with better protection from all kinds of phishing attacks and other malicious links.
It must always be up to date for device security, and do not let your guard down in the slightest; I have always applied this to this day.


This stealer is currently being sold on the dark net for rent for only 75 bucks. It has improved protection from detection, and hackers have added the ability to replace the wallet number during a transaction. Previously, it penetrated systems when a hole was discovered in Windows Defender, that is, in the local Windows "antivirus". I will not say for sure, but I am afraid that it will also be able to bypass all other antiviruses.

Who should worry? Windows users who do not bother updating the system or who use Windows without a license and therefore do not have normal updates.

Linux on a clean device, separate from surfing the Internet for various topics, is the best choice. Although, with very careless work on Linux, the system also has no guarantees.

So far, though, the exploits on Linux systems have not been malware, but more crypto mining.

But I do agree with your points on Microsoft; the majority of us are using it, and we have heard hackers were able to penetrate it easily. They even check if the machine is in a sandbox; if they detect it, then they won't infect the system.

It might be better for us, then, to move to Linux or any other flavor of Unix-based OS.
hero member
Activity: 3024
Merit: 745
🌀 Cosmic Casino
September 02, 2024, 07:12:24 AM
#19
I don't buy into the partnership anymore, as these wallets can basically make false promotions about how partnered they are with a known company. That's why it's still best to rely on one of the communities that we know, and that's here, because sets of these wallets have been scrutinized based on their code.
Yeah, but we should confirm if the partnership is legit and known by the other parties, because false promotions are common in web3. Yes, you are right, the community knows best, and those users' feedback will give us confidence about whether the specific wallet we are using is good and safe from malware and potential threats.
I agree; if you insist on using that wallet with a partnership from a known company, it's always best to verify and confirm first, like what we mostly do with the platforms that we're dealing with. And the effective old advice from most of us here is: don't use an unfamiliar wallet, and stick to the wallets that everyone uses. But even with that, there is a risk: if you're not careful with the links, you might land on the wrong one, so be aware at all times. Be wary of the links that are sent to each of us, and DYOR.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
September 02, 2024, 04:55:16 AM
#18

Use premium dual antivirus with better protection from all kinds of phishing attacks and other malicious links.
It must always be up to date for device security, and do not let your guard down in the slightest; I have always applied this to this day.


This stealer is currently being sold on the dark net for rent for only 75 bucks. It has improved protection from detection, and hackers have added the ability to replace the wallet number during a transaction. Previously, it penetrated systems when a hole was discovered in Windows Defender, that is, in the local Windows "antivirus". I will not say for sure, but I am afraid that it will also be able to bypass all other antiviruses.

Who should worry? Windows users who do not bother updating the system or who use Windows without a license and therefore do not have normal updates.

Linux on a clean device, separate from surfing the Internet for various topics, is the best choice. Although, with very careless work on Linux, the system also has no guarantees.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
September 01, 2024, 09:24:04 PM
#17
I don't buy into the partnership anymore, as these wallets can basically make false promotions about how partnered they are with a known company. That's why it's still best to rely on one of the communities that we know, and that's here, because sets of these wallets have been scrutinized based on their code.
Yeah, but we should confirm if the partnership is legit and known by the other parties, because false promotions are common in web3. Yes, you are right, the community knows best, and those users' feedback will give us confidence about whether the specific wallet we are using is good and safe from malware and potential threats.
legendary
Activity: 2744
Merit: 1878
Rollbit.com | #1 Solana Casino
September 01, 2024, 07:53:39 PM
#16
-snip-
So what about the exchange users, fiat transactors, and many more financial transactions? I will still say it will be the best idea to have a separate PC where only those things are carried out.
Having a spare PC can indeed work, but if you don't have another PC or a device that is specifically meant to always be connected to the internet, it is necessary to increase the vigilance and security level of the device you have.

Use premium dual antivirus with better protection from all kinds of phishing attacks and other malicious links.
It must always be up to date for device security, and do not let your guard down in the slightest; I have always applied this to this day.



-snip-
Or switch to another OS like Linux; since most of the malware only affects Windows, switching to Linux is way safer when it comes to accessing any site randomly compared to Windows OS.

Linux is a safe enough OS to avoid the malware that usually attacks Windows, but Linux must also be used correctly, because some wrong configurations can be a loophole for attacks to enter the Linux system, especially if there is an exploit that is not yet known and for which there is no update.

Although the threat of malware is very small, other threats such as phishing links, social engineering, and several other exploits need to be watched out for.
It is not only about the Linux OS used; the usage must also be smart, and you must know about the OS you use. No system is completely secure.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
September 01, 2024, 05:35:26 PM
#15
That is why having an offline wallet will make sure your wallet is far from this kind of malware; it is likely spyware that can monitor all the activities you are doing.
Switching to the Brave browser, disabling pop-up ads, and blocking any script: it has a good tool to prevent you from accessing random websites.

Or switch to another OS like Linux; since most of the malware only affects Windows, switching to Linux is way safer when it comes to accessing any site randomly compared to Windows OS.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
September 01, 2024, 04:31:51 PM
#14
Thank you for sharing this, OP. There is a lot of malware like this, and that's why we need to be very careful about what we click when browsing. It's not that we have to click links all the time, but there are times when we need to click a link, and we need to be very careful with it and check if it's the correct link rather than just clicking it without checking, which will only result in getting malware without our knowledge.
hero member
Activity: 3024
Merit: 745
🌀 Cosmic Casino
September 01, 2024, 04:16:20 PM
#13
These wallet stealers are in abundance and they're everywhere. The lesson here is not to be too hyperactive with so many wallets and to use those wallets that you know best, so you won't be misled by the wrong links that we receive through any channel, from email, instant messages, or by any means they use to get us to click a link.
Yeah, only use wallets that are proven to be trusted and have many users. Any wallet suggestion without many users is still scary to use, whether or not it has some big partnership. We can only know if a wallet that is being promoted is secure once it has a lot of downloads and some user feedback regarding its efficiency and especially its security.

Thumbs up OP for a great find.
I don't buy into the partnership anymore, as these wallets can basically make false promotions about how partnered they are with a known company. That's why it's still best to rely on one of the communities that we know, and that's here, because sets of these wallets have been scrutinized based on their code. Or it's best to check them out, as you've said, if they don't have that many users at all. I think most of us here can basically avoid the sketchy ones and make it a practice not to click any links that are emailed or messaged to us if they are suspicious.
legendary
Activity: 1890
Merit: 1537
A new stealer has been discovered, and it seems to be a new version of Phemedrone Stealer, but it's more potent and its capability is more adept than the original, and it is called Styx Stealer. What makes it more powerful than its predecessor Phemedrone Stealer[...]

So it means that these criminals are making money already, with more than half a Bitcoin.
This is evidence that the Styx Stealer software that these scammers designed and sold for $350 for a lifetime license has been met with interest from unethical buyers, who will use this tool to generate malware with high-risk improvements for use in digital espionage, fraud, and stealing sensitive data from cryptocurrency users. As these scammers succeed in victimizing others and illegally obtaining funds, the amount of malware will increase and spread widely. Therefore, topics like this that discuss all the latest developments and tools of these scammers and the necessary protection methods against them will be important to increase awareness and caution. This financial sector, which we are currently involved in, is heavily targeted, and everyone must follow the necessary protection measures and keep their important data and cryptocurrencies in an offline state.
sr. member
Activity: 476
Merit: 299
Learning never stops!
I am guessing that the software is capable of stealing browser passwords. People shouldn't save their passwords in browsers anyway. There have been password stealers capable of stealing this data for a decade now, in various forms. It's a good idea to have a separate computer for your crypto and/or financials and not engage with those activities on the everyday computer you use for browsing the internet.
Having a separate computer or device specifically for free use of the internet, and another device used to log in to a personal wallet, is indeed necessary, because now many devices are easily infected with malware or fall into phishing traps, so that they install strange applications without the user's knowledge.
True, this is really important for wallets at the moment, and if we are talking about wallets that allow this, then we will be considering crypto wallets, and not just any kind of crypto wallet but a non-custodial wallet, though I'm not sure if all non-custodial wallets can do the complete offline thing, because there are users who still like to check balances and make transactions frequently. I believe the only way to do that is through a watch-only wallet, i.e. only the signing will be done on the cold storage wallet.
So what about the exchange users, fiat transactors, and many more financial transactions? I will still say it will be the best idea to have a separate PC where only those things are carried out. At the same time, this is a call to crypto investors storing their funds for a long period/holders on exchanges to stop doing that and start making use of a non-custodial wallet. If you aren't a business type carrying out crypto exchange transactions from time to time (almost daily), then quit using exchanges; otherwise, take good security measures.
legendary
Activity: 2744
Merit: 1878
Rollbit.com | #1 Solana Casino
I am guessing that the software is capable of stealing browser passwords. People shouldn't save their passwords in browsers anyway. There have been password stealers capable of stealing this data for a decade now, in various forms. It's a good idea to have a separate computer for your crypto and/or financials and not engage with those activities on the everyday computer you use for browsing the internet.
Having a separate computer or device specifically for free use of the internet, and another device used to log in to a personal wallet, is indeed necessary, because now many devices are easily infected with malware or fall into phishing traps, so that they install strange applications without the user's knowledge.

The cookie hijacking feature is a real threat. I wonder if 2FA protects against cookie hijacking?!
2FA is not enough to prevent cookie hijacking, and hijacking will still be possible on browsers that have been attacked or for users who have already fallen into the trap.

2FA security focuses on verifying the user's identity when logging in, while cookie hijacking occurs after the user has successfully logged in.
When the attacker has successfully obtained the cookie, the attacker can use it to access the account without having to go through the 2FA process again, as long as the cookie is still valid.

Many browsers now use double security to avoid cookie theft, such as "block third-party cookies" or "private browsing".
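The point made above (2FA is checked once at login, so a stolen session cookie is accepted afterwards without any second factor) can be shown in a few lines. This is an added example written for this thread, not code from any poster or from the Check Point report; the session store, client fingerprints and the TTL are constructed for illustration, and the fingerprint-binding mitigation is one option among several.

```python
"""Added example (not from the thread): why a stolen session cookie gets past
2FA, and one server-side mitigation. Everything here is a self-contained toy;
the store, fingerprints and clients are constructed for illustration."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

SESSION_TTL = 15 * 60  # seconds; a short lifetime bounds how long a stolen cookie stays usable

def client_fingerprint(user_agent: str, ip_prefix: str) -> str:
    """Coarse properties the server sees on every request, hashed into one value."""
    return hashlib.sha256(f"{user_agent}|{ip_prefix}".encode()).hexdigest()

class SessionStore:
    """Issues a session cookie after password + TOTP; optionally binds it to the client."""

    def __init__(self, bind_to_client: bool, clock: Callable[[], float] = time.time):
        self.bind_to_client = bind_to_client
        self.clock = clock
        self._sessions: Dict[str, dict] = {}   # cookie value -> {"user", "fp", "issued"}

    def login(self, user: str, password_ok: bool, totp_ok: bool, fp: str) -> Optional[str]:
        """2FA is enforced here, once, at login. Returns the cookie value or None."""
        if not (password_ok and totp_ok):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "fp": fp, "issued": self.clock()}
        return token

    def authenticate(self, token: str, fp: str) -> Optional[str]:
        """Resolve a presented cookie to a user. This path never asks for 2FA again,
        which is exactly why a stolen cookie works against a 2FA-protected account."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if self.clock() - s["issued"] > SESSION_TTL:
            del self._sessions[token]
            return None
        if self.bind_to_client and not hmac.compare_digest(s["fp"], fp):
            # Cookie shows up from a client other than the one that passed 2FA:
            # treat it as possible theft, revoke it, and force a fresh login.
            del self._sessions[token]
            return None
        return s["user"]

VICTIM_FP = client_fingerprint("Mozilla/5.0 (Windows NT 10.0)", "203.0.113.")   # constructed
ATTACKER_FP = client_fingerprint("Mozilla/5.0 (X11; Linux)", "198.51.100.")    # constructed

def replay_stolen_cookie(bind_to_client: bool) -> Tuple[bool, bool]:
    """Victim logs in with 2FA, a stealer exfiltrates the cookie, the attacker
    replays it from another machine. Returns (victim_accepted, attacker_accepted)."""
    store = SessionStore(bind_to_client)
    cookie = store.login("alice", password_ok=True, totp_ok=True, fp=VICTIM_FP)
    victim_ok = store.authenticate(cookie, VICTIM_FP) == "alice"
    attacker_ok = store.authenticate(cookie, ATTACKER_FP) == "alice"
    return victim_ok, attacker_ok

def stolen_cookie_after_expiry(delay: float) -> bool:
    """Whether a cookie replayed `delay` seconds after issue is still accepted."""
    now = [1_000_000.0]
    store = SessionStore(bind_to_client=False, clock=lambda: now[0])
    cookie = store.login("alice", password_ok=True, totp_ok=True, fp=VICTIM_FP)
    now[0] += delay
    return store.authenticate(cookie, VICTIM_FP) == "alice"

if __name__ == "__main__":
    print("no binding   (victim, attacker):", replay_stolen_cookie(False))  # (True, True)
    print("with binding (victim, attacker):", replay_stolen_cookie(True))   # (True, False)
    print("replay after 1 h accepted:", stolen_cookie_after_expiry(3600))   # False
```

Binding to a user-agent and IP prefix is coarse and breaks for roaming mobile clients, so real services tend to combine a short TTL with re-prompting for the second factor on sensitive actions (withdrawals, address changes) rather than only at login.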
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
These wallet stealers are in abundance and they're everywhere. The lesson here is not to be too hyperactive with so many wallets and to use those wallets that you know best, so you won't be misled by the wrong links that we receive through any channel, from email, instant messages, or by any means they use to get us to click a link.
Yeah, only use wallets that are proven to be trusted and have many users. Any wallet suggestion without many users is still scary to use, whether or not it has some big partnership. We can only know if a wallet that is being promoted is secure once it has a lot of downloads and some user feedback regarding its efficiency and especially its security.

Thumbs up OP for a great find.
hero member
Activity: 3024
Merit: 745
🌀 Cosmic Casino
Thank you, OP; these wallet stealers are in abundance and they're everywhere. The lesson here is not to be too hyperactive with so many wallets and to use those wallets that you know best, so you won't be misled by the wrong links that we receive through any channel, from email, instant messages, or by any means they use to get us to click a link. Also, it might be helpful, OP, if you post the addresses that are involved with Styx by adding a "code" block or even without one, so that it will be visible to everyone, not just from the image but also as text.
hero member
Activity: 1190
Merit: 901
Livecasino.io
I don't agree with you, Adbitco: the OP didn't say that you get infected by installing any specific wallet, but by clicking on links we can see while browsing
Is it even possible to browse the internet without clicking links? What I mean is that, for example, if I am reading an article on Coinbase and there is an interesting link with a crypto caption that catches my attention, how can I tell that that link is a carrier of the malware? Secondly, if the malware gets into my mobile device, which has no crypto wallet, will it remain dormant and get activated if I ever install a crypto wallet, or, since it didn't find anything, can't it remain?
hero member
Activity: 1428
Merit: 653
Leading Crypto Sports Betting & Casino Platform
<...>
Those who may likely fall for this are people who are so attached to using different kinds of wallets and don't have a specific wallet to use; for instance, someone using the Electrum wallet has nothing to lose, and again should be very careful with what links they click on. For long I have barely clicked on any link, be it in mail or a link found here; to get started, I don't do that, because I know we can't actually predict what would happen at the later end, maybe someone having remote control of your system and devices. But anyway, thanks for sharing here; at least people will be more careful with the way they click and download things.

I don't agree with you, Adbitco: the OP didn't say that you get infected by installing any specific wallet, but by clicking on links we can see while browsing or may receive via email, as you also said, so if you use the Electrum wallet, for example, and get infected by this new Styx Stealer, your wallet.dat will be stolen like any other wallet.

Yes, using Electrum and not making any experiments by installing unknown wallets is a good security measure, but it has nothing to do with the risk Kemarit warns us about here, as far as I have come to understand.
Yes, that is it, but in addition I'd say, for safety purposes, you never can tell where exactly this can affect one's system. Becoming vigilant is much better; for my part, I hardly click on links, and besides, while making use of my wallet I make sure that every single active window is closed, be it on my laptop or smartphone, to avoid an attack, which you never know where it could come from. It may be from clicking links or something similar, so better act smart and play safe with your funds.
legendary
Activity: 2730
Merit: 7065
I am guessing that the software is capable of stealing browser passwords. People shouldn't save their passwords in browsers anyway. There have been password stealers capable of stealing this data for a decade now, in various forms. It's a good idea to have a separate computer for your crypto and/or financials and not engage with those activities on the everyday computer you use for browsing the internet. The cookie hijacking feature is a real threat. I wonder if 2FA protects against cookie hijacking?!
sr. member
Activity: 728
Merit: 421
Thank you for this update. I believe this information would be of good help to members and mostly newbies here. Lots of people make the mistake of downloading random wallets they see online without prior verification of the source, and many have been victims of hacks on wallets they downloaded from random sites too.

Clicking random links is among the many ways wallets get hacked, which people cannot really tell how it happened, but they forget that they had clicked links online that they granted permission to access things on their gadgets. It is better to avoid clicking on ads and downloading files and documents whose source they have no idea of, just because they saw something enticing and catchy.

As for the wallet, I have not really used any other wallet except Electrum and Trust Wallet, which so far have provided me with the service of storing my assets safely. Although there are other good recommendations out there, for me, I stick to the wallet I can handle and am conversant with, so I don't get things mixed up. I must say your findings are very accurate and timely.
legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
<...>
Those who may likely fall for this are people who are so attached to using different kinds of wallets and don't have a specific wallet to use; for instance, someone using the Electrum wallet has nothing to lose, and again should be very careful with what links they click on. For long I have barely clicked on any link, be it in mail or a link found here; to get started, I don't do that, because I know we can't actually predict what would happen at the later end, maybe someone having remote control of your system and devices. But anyway, thanks for sharing here; at least people will be more careful with the way they click and download things.

I don't agree with you, Adbitco: the OP didn't say that you get infected by installing any specific wallet, but by clicking on links we can see while browsing or may receive via email, as you also said, so if you use the Electrum wallet, for example, and get infected by this new Styx Stealer, your wallet.dat will be stolen like any other wallet.

Yes, using Electrum and not making any experiments by installing unknown wallets is a good security measure, but it has nothing to do with the risk Kemarit warns us about here, as far as I have come to understand.
hero member
Activity: 1428
Merit: 653
Leading Crypto Sports Betting & Casino Platform
A new stealer has been discovered, and it seems to be a new version of Phemedrone Stealer, but it's more potent and its capability is more adept than the original, and it is called Styx Stealer. What makes it more powerful than its predecessor Phemedrone Stealer is that

Quote
Styx Stealer is a powerful malware capable of stealing saved passwords, cookies, and auto-fill data from various Chromium- and Gecko-based browsers, data from browser extensions, cryptocurrency wallet data, and Telegram and Discord sessions. It also gathers system information including hardware information and the external IP address and can take screenshots to better understand the environment, prior to launching the malware. All these core functions are inherited from Phemedrone Stealer.

And this is the crypto wallet that these criminals have been using,

And checking one of the Bitcoin addresses:

Quote
This address has transacted 303 times on the Bitcoin blockchain. It has received a total of 0.55872241 BTC ($33,310.87) and has sent a total of 0.55872241 BTC ($33,310.87). The current value of this address is 0.00000000 BTC ($0.00).

So it means that these criminals are making money already, with more than half a Bitcoin.

And they look for the following crypto wallets,

Quote
The crypto-clipper includes 9 regex patterns for addresses across various blockchains: BTC, ETH, XMR, XLM, XRP, LTC, NEC, BCH, DASH.



https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/

So again, we need to be very careful about clicking any links that we see or unknown emails we get. We need to keep our software updated as well. And we should really educate ourselves, because it's very crucial that we equip ourselves with the knowledge of how to protect our machines, especially if we have crypto wallets installed. We don't want to be the next victims of these criminals.
Those who may likely fall for this are people who are so attached to using different kinds of wallets and don't have a specific wallet to use; for instance, someone using the Electrum wallet has nothing to lose, and again should be very careful with what links they click on. For long I have barely clicked on any link, be it in mail or a link found here; to get started, I don't do that, because I know we can't actually predict what would happen at the later end, maybe someone having remote control of your system and devices. But anyway, thanks for sharing here; at least people will be more careful with the way they click and download things.
legendary
Activity: 3080
Merit: 1353
A new stealer has been discovered, and it seems to be a new version of Phemedrone Stealer, but it's more potent and its capability is more adept than the original, and it is called Styx Stealer. What makes it more powerful than its predecessor Phemedrone Stealer is that

Quote
Styx Stealer is a powerful malware capable of stealing saved passwords, cookies, and auto-fill data from various Chromium- and Gecko-based browsers, data from browser extensions, cryptocurrency wallet data, and Telegram and Discord sessions. It also gathers system information including hardware information and the external IP address and can take screenshots to better understand the environment, prior to launching the malware. All these core functions are inherited from Phemedrone Stealer.

And this is the crypto wallet that these criminals have been using,

And checking one of the Bitcoin addresses:

Quote
This address has transacted 303 times on the Bitcoin blockchain. It has received a total of 0.55872241 BTC ($33,310.87) and has sent a total of 0.55872241 BTC ($33,310.87). The current value of this address is 0.00000000 BTC ($0.00).

So it means that these criminals are making money already, with more than half a Bitcoin.

And they look for the following crypto wallets,

Quote
The crypto-clipper includes 9 regex patterns for addresses across various blockchains: BTC, ETH, XMR, XLM, XRP, LTC, NEC, BCH, DASH.



https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/

So again, we need to be very careful about clicking any links that we see or unknown emails we get. We need to keep our software updated as well. And we should really educate ourselves, because it's very crucial that we equip ourselves with the knowledge of how to protect our machines, especially if we have crypto wallets installed. We don't want to be the next victims of these criminals.
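The crypto-clipper part of the quoted report (regex patterns for addresses of several chains, and the ability to replace the wallet address during a transaction) has a simple defender-side tell: the clipboard contents change from one address to a different address of the same chain almost immediately after the user copied it. The following is an added example written for this thread, not code from the report or from the stealer; the address patterns are coarse approximations constructed here, and the clipboard timeline is made up (the two BTC addresses are the public BIP173 test-vector addresses, not anyone's wallet).

```python
"""Added example, not from the thread or the Check Point report: a defender-side
heuristic for the crypto-clipper behaviour described above (an address in the
clipboard being silently replaced by another address of the same chain).
The address patterns are approximations written for this example."""
import re
from typing import List, Optional, Tuple

BASE58 = r"[1-9A-HJ-NP-Za-km-z]"
BECH32 = r"[qpzry9x8gf2tvdw0s3jn54khce6mua7l]"

# Address-shape patterns per chain (constructed; coarse, not a validity check).
ADDRESS_PATTERNS = {
    "BTC": re.compile(rf"(?:[13]{BASE58}{{25,34}}|bc1{BECH32}{{25,62}})"),
    "LTC": re.compile(rf"(?:[LM]{BASE58}{{26,33}}|ltc1{BECH32}{{25,62}})"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "XMR": re.compile(rf"4[0-9AB]{BASE58}{{93}}"),
}

def classify_address(text: str) -> Optional[str]:
    """Return the chain whose address shape the clipboard text matches, else None."""
    value = text.strip()
    for chain, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return chain
    return None

Sample = Tuple[float, str]            # (seconds since start, clipboard contents)
Alert = Tuple[float, str, str, str]   # (time, chain, original, replacement)

def detect_swaps(samples: List[Sample], window: float = 2.0) -> List[Alert]:
    """Flag clipboard transitions that look like a clipper at work: an address is
    replaced by a *different* address of the *same* chain within `window` seconds,
    with no unrelated clipboard content in between. A user who copies two
    addresses of the same chain within the window would also trigger this, so
    treat an alert as a prompt to re-check the address, not as proof of infection."""
    alerts: List[Alert] = []
    prev: Optional[Tuple[float, str, str]] = None   # (time, chain, value)
    for t, raw in samples:
        value = raw.strip()
        chain = classify_address(value)
        if chain is None:
            prev = None          # unrelated text breaks the sequence
            continue
        if prev is not None and prev[1] == chain and prev[2] != value and t - prev[0] <= window:
            alerts.append((t, chain, prev[2], value))
        prev = (t, chain, value)
    return alerts

# Constructed clipboard timeline, as a clipboard poller would record it. The two
# BTC addresses are the public BIP173 example addresses; the ETH values are made up.
SAMPLE_TIMELINE: List[Sample] = [
    (0.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),   # user copies payee address
    (0.3, "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),   # 300 ms later: different address
    (10.0, "meeting notes"),                                # ordinary clipboard use
    (12.0, "0x" + "a1b2c3d4" * 5),                          # user copies an ETH address
    (20.0, "0x" + "ffee" * 10),                             # another one 8 s later: not flagged
]

def demo() -> List[Alert]:
    return detect_swaps(SAMPLE_TIMELINE)

if __name__ == "__main__":
    for t, chain, old, new in demo():
        print(f"[{t:6.1f}s] possible {chain} clipboard swap: {old} -> {new}")
```

A live monitor would poll the system clipboard and feed (timestamp, contents) pairs into detect_swaps; the cheaper habit the thread already recommends, comparing the first and last characters of the pasted address against the intended one before sending, catches the same swap by hand.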