Mystic Stealer malware first appeared in April 2023, when it was given to experienced hackers for testing. Cyfirma researchers now warn that the malware has become popular among bad actors on underground forums. The developer of Mystic Stealer altered the program according to user feedback, which instigated a further surge in usage. There are now over 50 command-and-control (C&C) servers associated with the malware.

Mystic Stealer uses system calls to attack Windows targets and operates in memory to avoid leaving a trail. The malware was designed to hunt for specific datasets before securely exfiltrating information, and it does not rely on third-party libraries. C&C panels allow cybercriminals to fine-tune the malware to their specific needs. Cyfirma warns that Mystic Stealer can take passwords, cookies, financial information, system information, and files. These capabilities pose a direct threat to healthcare and finance organizations, as well as any industry handling personally identifiable information. Mystic Stealer is also particularly dangerous for users involved in the cryptocurrency business.

