‘Styx Stealer’ malware developer accidentally exposes personal info to researchers in ‘critical opsec error’

Avatar

A suspected developer of a new malware strain called Styx Stealer made a “significant operational security error” and leaked data from his computer, including details about clients and earnings, researchers have found.

Styx Stealer is “a powerful malware” capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. The Israel-based cybersecurity firm Check Point, which analyzed the malware, said that it was used against its customers, though further details were not provided.

“The developer made a fatal error and leaked data from his computer, which allowed Check Point to obtain a large amount of intelligence,” researchers said in a report published last week.

The developer of Styx Stealer was found to be linked to one of the Agent Tesla threat actors known as FucosReal, who was involved in a spam campaign also targeting the company’s customers. Agent Tesla is a remote access malware that has been targeting Windows systems since 2014.

According to Check Point, the creator of Styx Stealer revealed his personal details, including Telegram accounts, emails and contacts, by debugging the stealer on his own computer using a Telegram bot token provided by a customer involved in the Agent Tesla campaign in March 2024.

“This critical OpSec failure not only compromised Styx Stealer’s anonymity but also provided valuable intelligence about other cybercriminals, including the originator of the Agent Tesla campaign,” researchers said.

Following the analysis, researchers were able to link Styx Stealer to a Turkish hacker known as Sty1x. This, in turn, allowed Check Point to track down FucosReal to an individual in Nigeria.

“The case of Styx Stealer is a compelling example of how even sophisticated cybercriminal operations can slip up due to basic security oversights,” researchers said.

CybercrimeMalwareNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Hackers target bank clients in Czechia, Hungary and Georgia in novel phishing campaign

Next Post

Hackers deployed new malware against university in Taiwan

Related Posts

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team. "This advanced threat, active since 2022, hides
Avatar
Read More