
SC Media | Extensive targeting exhibited by novel Mystic Stealer malware

Originally posted on SC Media.

Written by SC Staff

The novel Mystic Stealer information-stealing malware can exfiltrate credentials and other data from nearly 40 web browsers and more than 70 browser extensions, as well as from cryptocurrency wallets, Telegram, and Steam, according to The Hacker News.

Mystic Stealer conceals what it targets through polymorphic string obfuscation, runtime calculation of constants, and hash-based import resolution, according to a report from InQuest and Zscaler. The operators also updated the malware last month with a loader that retrieves and executes next-stage payloads from its command-and-control servers, up to 50 of which have been found to be operational.
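The three evasion techniques named in the report are easier to reason about in code. The following is an added illustrative example, not code from Mystic Stealer or from the InQuest/Zscaler report: a ROR-13 style API hash (a widely documented shellcode-loader scheme chosen for illustration; the page does not give Mystic Stealer's actual hash algorithm), a constructed export-name table, a constant stored split and recombined at runtime, and a per-build keyed XOR standing in for polymorphic string obfuscation. It also shows the analyst's inverse: precomputing hashes over known API names so the hash list pulled from a sample can be translated back to names.

```python
"""Added illustrative example of hash-based import resolution, runtime
constant calculation and polymorphic string obfuscation, with the
analyst-side inverse for each. Constructed; not Mystic Stealer's code."""
from typing import Dict, List, Optional, Tuple

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits."""
    value &= MASK32
    return ((value >> count) | (value << (32 - count))) & MASK32


def api_hash(name: str) -> int:
    """ROR-13 style hash over the ASCII API name (illustrative algorithm used
    by many shellcode loaders; Mystic Stealer's own is not on this page).
    A loader compares this against each export's hash instead of storing the
    name, so strings like "CryptUnprotectData" never appear in the file."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h


# Constructed stand-in for a module's export name table.
FAKE_EXPORTS: List[str] = [
    "CreateFileW", "ReadFile", "WriteFile", "CryptUnprotectData",
    "InternetOpenA", "GetProcAddress", "LoadLibraryA", "VirtualAlloc",
]


def split_constant(value: int, mask: int) -> Tuple[int, int]:
    """Runtime constant calculation: keep (value ^ mask, mask) in the binary
    and recombine at runtime, so the hash literal itself is never present."""
    return (value ^ mask) & MASK32, mask


def join_constant(parts: Tuple[int, int]) -> int:
    return (parts[0] ^ parts[1]) & MASK32


def resolve_by_hash(exports: List[str], wanted: int) -> Optional[str]:
    """Loader side: walk export names and return the first whose hash matches."""
    for name in exports:
        if api_hash(name) == wanted:
            return name
    return None


def build_hash_lookup(known_apis: List[str]) -> Dict[int, str]:
    """Analyst side: precompute hash -> name over known API names
    (in practice, every export of the DLLs a sample is likely to use)."""
    return {api_hash(n): n for n in known_apis}


def recover_imports(hashes: List[int], lookup: Dict[int, str]) -> List[str]:
    """Translate hashes pulled from a sample back to names; unknown hashes are
    kept as hex rather than silently dropped, since they may indicate a
    different hash algorithm or a DLL missing from the lookup."""
    return [lookup.get(h, f"unknown:0x{h:08x}") for h in hashes]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so it both obfuscates and deobfuscates."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate_string(text: str, build_key: bytes) -> bytes:
    """Polymorphic string obfuscation: the same plaintext under a different
    per-build key produces different bytes, so a static byte signature on one
    build misses the next, while the decoded runtime string is identical."""
    return xor_bytes(text.encode("utf-8"), build_key)


def deobfuscate_string(blob: bytes, build_key: bytes) -> str:
    return xor_bytes(blob, build_key).decode("utf-8")


def demo() -> dict:
    """Run both sides of the scheme over the constructed data."""
    # Malware build: store the target hash split, resolve it at runtime.
    stored = split_constant(api_hash("CryptUnprotectData"), 0xA5A5A5A5)
    resolved = resolve_by_hash(FAKE_EXPORTS, join_constant(stored))

    # Two "builds" of the same string under different keys.
    key_a, key_b = b"\x13\x37", b"\xc0\xff\xee"
    blob_a = obfuscate_string("wallet.dat", key_a)
    blob_b = obfuscate_string("wallet.dat", key_b)

    # Analyst: translate a hash list found in a sample back to API names.
    lookup = build_hash_lookup(FAKE_EXPORTS)
    found_in_sample = [api_hash("InternetOpenA"), api_hash("VirtualAlloc"), 0xDEADBEEF]
    recovered = recover_imports(found_in_sample, lookup)

    return {
        "resolved": resolved,
        "builds_differ": blob_a != blob_b,
        "roundtrip": deobfuscate_string(blob_a, key_a),
        "recovered": recovered,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The analyst-side lookup only works once the sample's hash algorithm has been identified from the resolver routine; that is why recovering the algorithm, not just the hash values, is the first step when triaging a hashing loader.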

A separate Cyfirma study found that the operators are soliciting suggestions for improving Mystic Stealer through their Telegram channel.

“It seems clear that the developer of Mystic Stealer is looking to produce a stealer on par with the current trends of the malware space while attempting to focus on anti-analysis and defense evasion,” said Cyfirma researchers.