Styx Stealer Developer’s Error Uncovers Extensive Cybercrime Network
Researchers at Check Point Research (CPR) have discovered a new malware, Styx Stealer, which is capable of stealing browser data, Telegram and Discord session information, and cryptocurrency. Despite its recent emergence, this malware has already been observed in attacks, including ones targeting Check Point's own clients.
The developer behind Styx Stealer was found to be linked to one of the threat groups responsible for the Agent Tesla malware, known by the alias Fucosreal. This individual participated in a spam campaign that also targeted the company’s clients. During the debugging process of Styx Stealer, the developer made a critical mistake and exposed data from their own computer. This allowed researchers to obtain a significant amount of information, including client data, profits, and contact details of other cybercriminals.
Styx Stealer was built on an earlier version of another well-known malware family, Phemedrone Stealer, which gained notoriety after exploiting a vulnerability in Windows Defender SmartScreen in early 2024. Phemedrone was initially available on GitHub but was later removed, leading to the emergence of various modifications, one of which became Styx Stealer. This malware is sold through the website styxcrypter[.]com and includes persistence (automatic startup), clipboard monitoring, and anti-analysis protection.
CPR determined that the Styx Stealer developer also created and used Telegram bots to transmit stolen data. During the investigation, it was revealed that the creator of Styx Stealer actively collaborated with another cybercriminal known as Mack_Sant, who provided a token for use in Styx Stealer.
Additional information obtained during the investigation showed that Styx Stealer was used in attacks on companies from various industries, including the diamond and metallurgical sectors. However, despite active attempts to spread the malware, researchers were able to prevent damage to their clients.
This case is a vivid example of how even experienced cybercriminals can make mistakes that reveal their identities and plans. As a result of the Styx Stealer developer’s error, Check Point Research was able to obtain crucial data that will help in the fight against cyber threats and protect companies from similar attacks.