The new malicious code Mystic Stealer is increasingly being used in attacks
According to recent reports, malicious software known as Mystic Stealer has gained popularity among cybercriminals and is increasingly used in attacks on computer systems.
Mystic Stealer is malicious code designed to steal confidential information stored by applications such as web browsers, email clients, and messengers. It is distributed through phishing emails or compromised websites containing malicious code.
Once Mystic Stealer is installed on a computer, it begins collecting various types of confidential information, such as passwords, cookies, input form data, and files stored on the hard drive. The malicious program can also be used to steal cryptographic keys that allow attackers to access encrypted files or communications.
According to cybersecurity company analysts, Mystic Stealer is becoming increasingly popular among cybercriminals because it has a relatively simple interface, is easy to use, and operates reliably. Criminals can purchase this malicious code on dark web marketplaces or obtain it through cybercriminal groups.
One of the most common attack vectors used by Mystic Stealer is phishing emails containing links to compromised websites. When the victim clicks the link and opens a web page containing malicious code, Mystic Stealer is automatically installed on their computer without their knowledge or consent. After installation, it begins its activities and gradually steals confidential information from the applications that store it.
Protective measures include keeping antivirus software up to date, regularly updating the operating system and web browser, and exercising caution with email and links. Additionally, it is recommended to use strong, unique passwords for different accounts and to enable two-factor authentication to enhance security.
If you suspect that your computer may be infected with Mystic Stealer or any other malicious software, it is recommended to immediately contact cybersecurity experts to detect and remove the threat.
After the initial launch, Mystic gathers information about the operating system and hardware and takes screenshots, sending the data to the attacker’s command and control (C2) server. Depending on the instructions it receives, the malicious code then goes after more specific data stored in web browsers, programs, and more. Reports from Zscaler and InQuest provide a comprehensive list of targeted programs, including popular web browsers, password managers, and cryptocurrency wallet programs:
- Google Chrome
- Mozilla Firefox
- Microsoft Edge
- Authy 2FA
- Gauth Authenticator
- EOS Authenticator
- LastPass: Free Password Manager
- Trezor Password Manager
- RoboForm Password Manager
- Dashlane — Password Manager
- NordPass Password Manager & Digital Vault
- MYKI Password Manager & Authenticator
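For triage after a suspected infection, it helps to know which of the listed extensions a profile actually contains, since those are the accounts to rotate first. The following is an added example, not code from the article or the cited reports: it assumes the Chromium on-disk layout `Extensions/<id>/<version>/manifest.json`, and the function names, placeholder extension IDs, and sample profile are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Name fragments from the target list above, lowercased for substring matching.
TARGETED = ["authy", "gauth authenticator", "eos authenticator", "lastpass",
            "trezor password manager", "roboform", "dashlane", "nordpass", "myki"]

def read_json(path):
    return json.loads(Path(path).read_text(encoding="utf-8-sig"))

def display_name(ext_dir):
    """Resolve an extension's name, following a __MSG_key__ reference into _locales."""
    manifest = read_json(ext_dir / "manifest.json")
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        messages = read_json(ext_dir / "_locales" / locale / "messages.json")
        for key, entry in messages.items():
            if key.lower() == name[6:-2].lower():  # message keys are case-insensitive
                return entry.get("message", name)
    return name

def targeted_extensions(profile_dir):
    """Return sorted (extension_id, name) pairs whose name matches the target list."""
    hits = set()
    for manifest in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        try:
            name = display_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed extension: skip rather than abort
        if any(fragment in name.lower() for fragment in TARGETED):
            hits.add((manifest.parent.parent.name, name))
    return sorted(hits)

def build_sample_profile():
    """Constructed sample profile with placeholder extension IDs (not real ones)."""
    root = Path(tempfile.mkdtemp())
    def add(ext_id, manifest, messages=None):
        d = root / "Extensions" / ext_id / "1.0_0"
        (d / "_locales" / "en").mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages:
            (d / "_locales" / "en" / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
    add("a" * 32, {"name": "LastPass: Free Password Manager"})
    add("b" * 32, {"name": "__MSG_appName__", "default_locale": "en"},
        {"appname": {"message": "Authy 2FA"}})
    add("c" * 32, {"name": "Constructed Dark Theme"})
    return root

if __name__ == "__main__":
    for ext_id, name in targeted_extensions(build_sample_profile()):
        print(ext_id, name)
```

Point `targeted_extensions` at each profile directory of a Chromium-based browser; Firefox and standalone desktop programs use different layouts and are not covered.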
Although the future of Mystic Stealer is still an open question, given the unstable nature of illegal MaaS (Malware-as-a-Service) projects, its emergence signifies an increased risk to users and organizations.
The recent addition of a downloader can help Mystic operators deploy ransomware on compromised computers, so it is strongly recommended to exercise caution when downloading software from the internet.