Sure, the name sounds transcendent and otherworldly. The menace behind the name is most assuredly not. Mystic Stealer popped up in April with an initial subscription price of $150 per month or $390 for three months [1]. Yes, you read that correctly. Black hat hackers are subscribing to malware on a monthly basis with deals for longer subscriptions. Malware has become a service in the same way that office software or antivirus is. It is available to anyone who has the money to pay for it. Here’s what it does.
Mystic Stealer is designed to collect as much data as possible from an infected device. It will comb through web browsers looking for saved passwords and other tidbits of personal information that may be lingering in browser cookies or cache. The malware uses Python code along with Windows APIs, showing a level of sophistication not seen in all malware samples. For a twist, it also targets credentials for many cryptocurrency sites.
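Because the stealer's described behavior is reading the browser's own saved-password and cookie stores, one thing a defender can watch for is any process other than the browser touching those files. The following is an added detection example written for this post, not code from the article, from DarkReading or from Cyfirma. The audit-event lines are constructed for the example and use a simplified, assumed field layout rather than any vendor's native schema; the store file names (Chromium's Login Data and Cookies, Firefox's logins.json, cookies.sqlite and key4.db) are the real on-disk names, and the trusted install prefixes are an assumption you would tune to your estate.

```python
"""
Added example (not from the article): flag processes other than the browser
itself reading browser credential stores, the data Mystic Stealer is described
as harvesting. Event format and sample events are constructed for this demo.
"""
import re
from typing import Dict, List, Optional

# On-disk names of saved-login / cookie stores (matched on the path tail).
CREDENTIAL_STORE_PATTERNS = [
    re.compile(r"\\Login Data$", re.I),        # Chromium saved passwords
    re.compile(r"\\Network\\Cookies$", re.I),  # Chromium cookies (newer layout)
    re.compile(r"\\Cookies$", re.I),           # Chromium cookies (older layout)
    re.compile(r"\\logins\.json$", re.I),      # Firefox saved passwords
    re.compile(r"\\cookies\.sqlite$", re.I),   # Firefox cookies
    re.compile(r"\\key4\.db$", re.I),          # Firefox key database
]

# Browser executables expected to read those stores, and where they normally
# live (assumed prefixes; adjust for per-user installs in your environment).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
TRUSTED_INSTALL_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Simplified audit line: "<ts> pid=<n> image=<exe path> action=<verb> path=<file>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) "
    r"action=(?P<action>\w+) path=(?P<path>.+)$"
)


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed audit line; return None for unparseable input."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def is_credential_store(path: str) -> bool:
    """True if the path ends in one of the known browser credential stores."""
    return any(p.search(path) for p in CREDENTIAL_STORE_PATTERNS)


def basename(win_path: str) -> str:
    return win_path.rsplit("\\", 1)[-1].lower()


def is_trusted_browser(image: str) -> bool:
    """A browser binary counts as trusted only from its expected install dir,
    so a copy of chrome.exe dropped in %TEMP% does not get a free pass."""
    return (basename(image) in BROWSER_IMAGES
            and image.lower().startswith(TRUSTED_INSTALL_PREFIXES))


def find_credential_store_access(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per credential-store access by an untrusted process."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or not is_credential_store(ev["path"]):
            continue
        if is_trusted_browser(ev["image"]):
            continue
        reason = ("browser-named process outside its install directory"
                  if basename(ev["image"]) in BROWSER_IMAGES
                  else "non-browser process reading a browser credential store")
        findings.append({"pid": int(ev["pid"]), "image": ev["image"],
                         "path": ev["path"], "reason": reason})
    return findings


# Constructed sample events: two benign browser reads, one unrelated file read,
# one unknown binary reading two stores, and one masquerading chrome.exe.
SAMPLE_EVENTS = [
    r"2024-05-01T09:12:03Z pid=4120 image=C:\Program Files\Google\Chrome\Application\chrome.exe action=read path=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"2024-05-01T09:12:09Z pid=5077 image=C:\Users\alice\AppData\Local\Temp\report.exe action=read path=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"2024-05-01T09:12:10Z pid=5077 image=C:\Users\alice\AppData\Local\Temp\report.exe action=read path=C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\cookies.sqlite",
    r"2024-05-01T09:13:00Z pid=2211 image=C:\Windows\System32\notepad.exe action=read path=C:\Users\alice\Documents\notes.txt",
    r"2024-05-01T09:14:21Z pid=6390 image=C:\Users\alice\AppData\Local\Temp\chrome.exe action=read path=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"2024-05-01T09:15:02Z pid=3001 image=C:\Program Files\Mozilla Firefox\firefox.exe action=read path=C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\key4.db",
]

if __name__ == "__main__":
    for f in find_credential_store_access(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: {f['reason']}: {f['image']} -> {f['path']}")
```

Run against the constructed events it reports three findings: the unknown report.exe reading both the Chromium Login Data file and the Firefox cookie database, and a chrome.exe running from a temp directory. The allowlist deliberately keys on install location as well as file name, because a name-only allowlist is trivially satisfied by renaming a binary; in production you would feed this the file-access events your EDR or Windows object-access auditing already produces rather than the constructed lines above.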
One of the more frightening features of this malware is its use of polymorphic code to evade detection. Polymorphic programs are able to change on the fly to better fit the runtime environment. Shape-shifting code started with object-oriented languages like C++ in the 1990s. This is not drag-and-drop programming. Again, this speaks to the level of complexity in the design of this theft software.
In case you needed another reason to be frightened of this malware, here is another one. The black hats had the audacity to openly post their work and ask for feedback on how to improve it. According to DarkReading, “they made the stealer available for testing to underground forum veterans to verify its effectiveness and make suggestions for enhancement, which were incorporated into new versions of the stealer, noted Cyfirma researchers” [2]. We have bad actors carrying on as if they are legitimate scientific researchers seeking insight from the community.
How can we guard ourselves against Mystic Stealer, you may ask? The DarkReading article identifies ways to protect against this digital mayhem. They include “a best-practices layered defense strategy that combines threat prevention technologies, up-to-date antivirus software, firewalls, intrusion detection systems, and regular security patching, which can significantly reduce the risk of Mystic Stealer infiltration” [2]. Please notice they mentioned up-to-date antivirus, firewalls, and regular security patching as ways to protect against this nightmare.
Sources: [1] https://www.darkreading.com/endpoint/mysterious-mystic-stealer-spreads-wildfire-mere-months