A new stealer malware is on the rise, designed to obtain user credentials to help attackers penetrate specific environments and obtain other information of financial value.
The strain, which is being referred to as Mystic Stealer, has been explored in detail jointly by Zscaler and InQuest, following a surge in cases since April 2023 and the alarming extent of its reach.
According to the reports, Mystic steals credentials from almost 40 web browsers (including Chrome, Edge, Firefox, and Opera, but not Safari) and over 70 browser extensions (including Coinbase Wallet, Dashlane, and LastPass).
Internet users warned of Mystic Stealer malware
The researchers at Zscaler and InQuest liken the stealer to most others in the way that it pillages autofill data, browsing history, arbitrary files, and cookies. It’s also been designed to collect computer information, such as system hostname, user name, and GUID.
Most alarming is this variant’s ability to obtain information related to cryptocurrency wallets, which have become increasingly popular in recent years.
The analysis details how Mystic Stealer collects and exfiltrates information to the command and control server, which then handles parsing, instead of extracting credentials locally on the victim’s device.
The cybersecurity firms responsible for the article believe this is in an effort to “keep the size of the stealer binary smaller and the intention less clear to file analyzers.”
Overall, the conclusion is that Mystic Stealer is “looking to produce a stealer on par with the current trends of the malware space while attempting to focus on anti-analysis and defense evasion.”
Predicting the trajectory of the stealer is impossible, however analysts are apparently concerned about its sophistication at such a young age, thus the scope for widespread damage is noted.
The usual cybersecurity protection steps apply, and those who suspect they may have been the victim of an attack should consider installing malware removal software.