Cyber security companies warn of new virus software distribution

A virus software that attacks dozens of crypto-applications, called Mystic Stealer, has spread on the web.

Mystic Stealer is a virus program. It costs $150 per month and targets 21 cryptocurrency applications. As well as 40 browsers, more than 50 cryptocurrency browser extensions and many other services and plugins.

Reports on Mystic Stealer, published almost simultaneously by cybersecurity companies InQuest, Zscaler and Cyfirma, warn of the spread of the new malware and its effectiveness.

The program is rapidly gaining popularity in the cybercriminal community and is increasingly being used in attacks, the experts warned.

Mystic Stealer released version 1.0 in April but had already been updated to version 1.2 by the end of May. The vendor advertised the new software on various hacker forums. While offering it on a subscription basis of $150 per month or $390 per quarter. The project also has a telegram channel where development news, software features and other topics are discussed.

When launched for the first time, Mystic collects information about the operating system and sends data to the attacker’s server. Then it already performs its specific tasks of looking for data stored in browsers (cookies) and applications.

The full list of services that the program hacks is given in the Zscaler and InQuest report. They include Chrome, Edge, Firefox and Opera browsers. As well as browser-based cryptocurrency wallets TronLink, BinanceChain, Coinbase Wallet, MetaMask and many others.

The Cyfirma report states that industry “veterans” have tested the effectiveness of the virus program and confirmed that the program has become a powerful tool for stealing information.

Our experts also note that Mystic’s developer banned the program’s use in CIS countries and added an exception for those regions to its code.