During an investigation last week, one of our analysts came across a forum on the dark web that was claiming to sell malware. We have posted recently about malware (malicious software) and how malicious actors can use it to infiltrate your systems.
This particular malware is called ‘Mystic Stealer’ and is interesting because of what it targets. It can exploit 40 web browsers, 70 browser extensions, 21 cryptocurrency applications and Multi-Factor Authentication (MFA) management applications, amongst other things. There is also a subscription service available, and a Telegram channel where users can discuss development updates and feature requests.
Mystic Stealer version 1.0 appeared in late April 2023 but quickly ramped up to version 1.2 towards the end of May, indicating active development of the project. Malware and spyware are constantly changing to keep up with technology, infrastructure and ways to bypass security. The seller advertises the malware on multiple hacking forums, renting it to interested individuals for a subscription price of $150 a month.
What does this mean for users? Mystic Stealer is an efficient stealer whose capability has improved continuously over a short period of time, based on its users’ upgrade requests, and it gives those users complete control over the stolen data. It poses substantial risks and potential impacts from the perspective of external threat landscape management. By implementing a proactive approach to security, maintaining strong defences, fostering employee awareness, and having effective incident response plans in place, individuals/organisations can minimise the impact of Mystic Stealer and enhance their resilience to emerging threats. Therefore, whenever downloading or clicking on a link from the internet or an email, always err on the side of caution: if in doubt, don’t click on it.