Bitcoin Forum

There is a new nformation-stealing malware called Mystic Stealer, which targets a lot of browsers and and web browsers extension that includes, our cryptocurrencies.
So this malware extracts data from the host computer, and then it can also extracts cryptocurrency wallets, and then collects auto-fill data, browsing history, cookies and others.


https://i.ibb.co/1MWSKHQ/Screen-Shot-2023-06-20-at-6-32-12-PM.png (https://ibb.co/Vx4KDX9)
https://i.ibb.co/qWXMKGM/Screen-Shot-2023-06-20-at-6-32-32-PM.png (https://ibb.co/WPqWZ9W)
https://i.ibb.co/xqdHD7v/Screen-Shot-2023-06-20-at-6-32-48-PM.png (https://ibb.co/hFwfym5)
https://i.ibb.co/RcFmcPL/Screen-Shot-2023-06-20-at-6-33-01-PM.png (https://ibb.co/sqfGqQL)
https://i.ibb.co/2dMFp7v/Screen-Shot-2023-06-20-at-6-33-15-PM.png (https://ibb.co/pdK1kvf)

Targeted Cryptocurrency Applications:

• MyMonero
• Exodus
• Binance
• Raven
• Armory
• Dogecoin
• MultiBit
• Bitcoin
• DashCore
• Electrum
• Litecoin
• BitcoinGold
• WalletWasabi
• Atomic
• Guarda
• Electrum-LTC
• MyCrypto
• Bisq
• DeFi Blockchain
• Coinomi
• TokenPocket

Mode of infection is always the same, crack softwares, torrents and warez, unsolicited emails.

So again, just a reminder to everyone just to be careful of anything you download in the web as it may contains a malware and might be too late once our crypto wallets have been drained.

https://inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block

I am not a technical person even though i am a student of computer sciences, but still the terms and terminologies used in the sourced article are going above my head, i have to understand each term individually like how he is doing that, but all we care about is how can we save ourselves from it, as you mentioned he is using the same old techniques used by many other hackers AFAIK, our cookies that we allow, basically a big loophole in the website which leads hacker directly to your personal data, and i wonder how can web extension wallets can be compromised by it, because they do not have any auto fill option unless you use any third party software which in itself is harmful. Then how the hacker could extract our passwords, well after reading article i think he used our keystroke, processing power, etc information to conclude results.

We have been taught by our teacher in Data security that, hackers are so smart now they can understand and easily identify the keystrokes of your keyboard and they can extract the useful data just by the information of your processor's, ram's and network's information. This is really awesome. He seems to be a legend hacker plus he is using his own encryption method to send and receive data under the nose of all firewalls and to decrypt his protocol definitely decrypter might be working and this case really excites me now.

How else can it get, by letting hackers get into your system, anti-virus and malware are ineffective some can still manage to get it, awareness is the first prevention you should always be aware of what you're opening and what you're downloading even on sites that you think are safe

Just reading the article makes us scared of what this virus can do to our system


So double your effort, awareness, and education everything you've had are stake here, and make security your number one concern especially if you are involved in Cryptocurrency.

Thanks for the warning.
Scammers are just trying harder every single day. The more one tries to upgrade security, the more they are also trying their best to bypass it and introduce more tricky ways of hijacking victims funds and information.

So far, so good. I have learned to always avoid some kind of unwanted application on my gadgets, especially those that I don't need. These days, even apps from trusted sites are, to some point, also clones of the original app.
We should all just be careful out there, not just for crypto theft's malware but for both our personal data and other financial-related information that could be stolen with the help of those apps.

This update is worth it mate and thanks for sharing.
I have been wondering all these while when will all  these nefarious act by hackers be stalled.
The rate at which they invent  malware's just to get their ways into people's privacy is something else. On several occasions I have received mails with clickbait links which are very much suspicious to be scammers and their malware's. It takes a sensitive and smart individual to see such and know what they are up to and possibly do the needful in time to save their details.

I basically do download apps from google store but these days, no one can tell the original from the fake anymore as the duplicates are almost similar with no difference. Downloading apps and browser extension these days are not safe anymore if not from a recommended source.

One need be careful as to what they download on their gadgets and look link they click these days in other to protect their privacy and other stuffs online or attached to them.

Downloading applications, email links, sms or chatting is easy to spread the virus. However, sometimes someone accidentally clicks on an ad on a website, which in fact takes us to a dangerous website and contains a malware. Generally this happens for those who don't feel the need to use antivirus and adsblockers. For those who are hunting for airdrops, faucets, this often appears as a dangerous website from these advertisements, this can also trigger a virus.

It is basically the people who download from unauthorized sites and cracks from the internet. You can avoid ad's by not clicking them but when you go to a scam website or download some crack software from internet you have to turn of the antivirus and that is what scammers wants. I have a habit of downloading pirated games and softwares now I am well aware of the situation and avoid doing the stuff on my main device.

Thanks for the share.
I do download a few extensions but good thing that most of them are not related to crypto. I see that an authenticator is targeted and that's authy. I think those that are using this authenticator much better download the app version and not the extension one.
Just to be sure that there are apps and extensions that are convenient but if you've seen a report like this, you gotta switch quickly.

You should have been a little more careful and followed the link in the article in red. All the explanations are written there, including how exactly the same Stealer can steal information from browser add-ons and how to extract passwords.

https://blogs.blackberry.com/en/2022/02/threat-thursday-arkei-infostealer


But you don't even need to be a technical expert to understand that this and other similar viruses attack Windows users.

https://i.ibb.co/W3d97WD/Screenshot.png (https://ibb.co/PYbpJZT)

And again, as a repetition of the past, I can give good advice about using and learning the Linux system. :)

Mode of infection is wInD0ws OS first, than everything else.
This is almost impossible to happen on Linux or Mac OS, and it's not only because they are safer but because it's easier for hackers to target win users.
There are 99% less malware on good Linux OS and most of the stuff can be installed, including everything Bitcoin related.

Yeah, if we are talking about the lesser evil here, then Linux or Mac OS is good. In the last couple of years I switch to Mac OS and I'm happy to do that.

Because we all know how Windows OS sucks and then if we involved ourselves in crypto, we just don't know. Even if we think we are safe and practice safe hygience, there could still be some loopholes in Windows that this cyber criminals are going to take advantage to inflict malware and then target our crypto wallets.

Thanks for the heads up! The online space is now becoming a more dangerous water to tread. Utmost vigilance is needed more than ever. It's clear malwares are fast developing. It's worrisome reading this new kid on the block especially knowing that the development of this one has a "focus on anti-analysis and defense evasion." I'm afraid this might not easily be detected by weaker anti-virus.

Every click matters now more than ever. A single error could cost us our entire wallet.

People must be more carefully, security-wise practice if they have cryptocurrency accounts, cryptocurrency wallets on their devices.

Cracked softwares, unsafe.
Unsolicited emails, unsafe.
Personal messages on Telegram, Discord, Whatsapp from strangers, unsafe.
Never click on links from anyone especially if those links sent by strangers.

Could you explain more about security risk from Torrents and Warez?

How about big files from Google Drive? Google Drive will warn us that a file is too big and they can not scan virus for us.

I agree, and every year the attack is getting bolder from this cyber criminals and it's really hard to detect this malware. That's why we really need to be vigilant in this times. I mean we don't want to lose our money just like that because we have work hard for that.

Majority of us are doing DCA months after months so going to be very difficult to see that one day everything is gone because those hackers was able to install their malware on our machines. So the burden is upon us to be very careful of links or any source of malware, (like downloading from unknown and not secure sites).

Hacking and scamming are at an all-time high and they will go higher, awareness of the risk on every file you encounter is more important than ever, it is not ok to rely everything on anti-virus and anti-malware.

Now more than ever we have to upgrade our knowledge about security, hackers are working 24/7 to devise a scheme to hack as many computers as possible because they know every computer is a potential keeper of cryptocurrency.


 

I completely agree with you. There are Trojans that are encrypted professionally, as they do not appear to anti-virus programs as viruses. We should not rely on anti-virus programs, no matter how powerful they are, as they can only protect our devices by 50%, but the remaining 50% depends on us to immunize our devices to avoid download cracks and unknown programs from YouTube and unknown sites and stores, there are a lot of scam web extensions for wallets, fake phone applications and phishing domains, they target everything that investors and traders use in the crypto space a lot, also two-factor authentication should always be activated in all our accounts and wallets and its application should be on a separate phone or computer, and we should not save passwords in any browser, credit card information, or any sensitive information because if the device is hacked, the browser data will be in the hands of the fraudster on a plate of gold.

It's obvious that this are cracks software from Warez and most likely it might continue some form of malware.

Same for Torrents, you might not be aware but this criminals can attach malware too to the movies or anything that you downloaded.

So the moral of the story is that you shouldn't download from unknown sites, simply as that.

That's why having an updated AV is always a good to go. Always scan every file you downloaded from torrent, movies or software/apps. But the best thing is to separate your personal own computer to only wallet activity, expensive but its better safe than never.

I actually did the same. i have two laptop, one for sample use including downloading, browsing purpose while other just for performing crypto related task. i did not installed amy third party software in crypto laptop and so far i am saved. sample use laptop where I installed many thirds party software are full of malware( keyboard hacked). i will recommend smart phone for transaction which is still safe.

Can it be applied with GIFs?

I remembered I read that GIFs can be used to attach malwares and those GIF files can infect our devices too. That writer recommends that we should limit ourselves in using GIFs. Like in Telegram, we should turn off automatic download features to avoid potential threats.

How to stop Telegram Auto-download (https://www.itgeared.com/how-to-stop-telegram-auto-download/)

Just read the link provided by OP at the bottom here https://inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block.

I try to find how to spot if my system is compromise, but there is no easy way to detect that, usually we can spot a malware by its process name on the 'Task Manager' (on windows) or Activity Monitor (for Mac). But in the article there is no way do such thing to spot the malware, the only thing to do was trace the network route, whether or not our browser send some data to certain server, which might be just few easy step for some people, but for someone that are not too savvy with networking that will be quite tricky to do.

Targeted Cryptocurrency Applications represent a mixture of closed and open source wallets, which means that the target is not cryptocurrency wallets, but the operating system. Your use of the Linux operating system will reduce these risks a lot.Do not install applications from unknown sources, random clicking on links and similar tips are still good solutions for such viruses, but I think that antivirus services prepare such lists of wallets to give fragmented solutions and thus higher returns for them.

When they successfully infect your computer, they can collect many types of data and can analyze data they steal from your devices to do further steps. Like stealing your online accounts, your exchange accounts or accessing your cryptocurrency wallets and moving your coins and tokens.

They can do it instantly with your compromised cryptocurrency wallets or they can simply note it down, add it to their real time tracker tools and wait till a day your wallets have a big IN transaction then they will steal that big amount.

Linux is less targeted by hackers than Windows and it is better to use if you are using cryptocurrency wallet.
Linux Mint https://linuxmint.com/

Even you use Linux, don't do everything, install many softwares on a computer you store your wallets. Have air-gapped wallets to store your cryptocurrency is best on whatever operating system.

Yes, I think GIF's too can be attached and put a malware by this criminals. Like in this report: Hackers can now sneak malware into the GIFs you share. (https://www.digitaltrends.com/computing/hackers-sneak-malware-into-gifs/) So no one is safe, everybody should do their due diligence right now. You can't just open anything in the web without our crypto not compromised as it is not the top target of criminals as it is easy to hide once they stole our crypto as transactions are irreversible.

Yes, but the thing is not everyone is fond of using Unix or Linux flavor as a OS because it's not user friendly like Windows.

So most likely this is the target audience of this stealer and for us crypto users, very hard to really get away of not using Windows. And with that, we really need to be very careful as others have said. Clicking links or even downloading is not a safe practice.

Always go with the official website if we want to download something.