In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer.
Check Point investigation revealed critical missteps by the developer of Styx Stealer, including a significant operational security (OpSec) lapse that leaked sensitive information from his own computer. The roots of Styx Stealer can be traced back to Phemedrone Stealer, which became widely known in early 2024 when the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen was exploited to deliver this malware.
Read more…
Source: Check Point
Related:
- The nasty future of ransomware: Four ways the nightmare is about to get even worse
October 31, 2017
2017 has been the year of ransomware. While the file-encrypting malware has existed in one form or another for almost three decades, over the last few months it’s developed from a cybersecurity concern to a public menace. The term even made it into the dictionary in September. In particular, 2017 had its own summer of ransomware: while incidents ...
- Ramnit worm: Still turning up in unlikely places
October 27, 2017
The Ramnit worm (W32.Ramnit) was an aggressively propagated Windows-based worm that first appeared around 2010. Its creator used an extensive range of propagation techniques to ensure that it spread quickly and widely. Once it infects a computer, it copies itself to all attached and removable drives. Crucially, it also searches for and infects .exe, .dll, ...
- Ursnif Banking Trojan Spreading In Japan
October 26, 2017
Attackers behind the pervasive banking Trojan Ursnif have made Japan one of their top targets, delivering the malware via spam campaigns that began last month. For years, Ursnif (or Gozi) has targeted Japan along with North America, Europe and Australia. But according to a recent IBM X-Force analysis of the malware, hackers have stepped up Ursnif ...
- Bermuda cyber hack: Offshore law firm data hack leaves super-rich bracing for financial details to be released
October 25, 2017
A leading offshore law firm with clients including the super-rich and international corporations has revealed it suffered a “data security incident” that may result in customers’ private information being leaked. Bermuda-based Appleby, which has offices in a number of British overseas territories, said some of its data had been “compromised” in the 2016 cyber incident. The firm ...
- Millions of Networks Compromised by New Reaper Botnet
October 24, 2017
A new and growing botnet called Reaper or Troop (detected by Trend Micro as ELF_IOTREAPER.A) has been found currently affecting more than one million organizations. According to the security researchers from Check Point and Qihoo 360 Netlab, the botnet they discovered is more sophisticated and potentially more damaging than Mirai. Reaper actually uses some of the code from ...
- Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe
October 24, 2017
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed “Bad Rabbit,” is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock ...