Cybersecurity researchers at CYFIRMA recently found that hackers are actively using Mystic Stealer, a new information-stealing malware.
The threat actors reportedly advertise the stealer on an underground forum and run their operations through a Telegram channel.
The OSINT investigation detected more than 50 active C2 servers, a count that shows how quickly this threat is growing and how common it is becoming.
Mystic Stealer first appeared on renowned underground forums in late April 2023.
The info-stealer attracted huge attention with the following advertised key features:
Over time, the information stealer was shared with the forum's skilled members so they could try it.
They tested it, confirmed it worked well, and also gave useful suggestions to its developers for making it even better.
The threat actors carefully integrated these recommendations into the stealer, leading to continuous updates and enhancements.
Using code manipulation techniques to outsmart most antivirus products, Mystic Stealer achieves a low detection rate according to AV checks.
The subscription charges for Mystic Stealer are as follows:
The malware can target all Windows versions and is compatible with both x86 and x64 platforms.
The Windows versions that could be targeted are as follows:
Researchers said that, to avoid detection, it operates within the computer's memory and exploits system calls to compromise targets, ensuring that no evidence is left behind on the hard drive while it steals data.
The malware is designed to operate independently, without needing external libraries, and for improved performance, it includes its own custom browser database parser.
The capabilities of Mystic Stealer are as follows:
Mystic Stealer mainly targets companies that handle sensitive data, such as:
Mystic Stealer might focus on industries like healthcare, finance, and technology because of the significant value associated with the data they hold.
Mystic Stealer also targets users who are actively involved in cryptocurrency transactions.
The recommendations are as follows: