A new stealer malware is on the rise, designed to obtain user credentials to help attackers penetrate specific environments and obtain other information of financial value.
This spyware also targets Steam, Telegram, and cryptocurrency wallets. Mystic Stealer also talks to its command-and-control (C2) server over a proprietary binary protocol encrypted with RC4.
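Because the article only notes that the C2 protocol is RC4-encrypted, the practical point for an analyst is that once the key is recovered from a sample, captured traffic can be decrypted with a plain RC4 routine. The following is an added example written for this page, not code from the article or from Zscaler: a self-contained RC4 implementation, a constructed placeholder key, and a constructed "beacon" record that is encrypted in the script itself so it runs offline. The key, the record contents and the `looks_like_plaintext` heuristic are all assumptions for illustration, not Mystic Stealer artefacts.

```python
"""RC4 keystream generation and decryption for analysing captured traffic.

Added example; not from the article or Zscaler. PLACEHOLDER_KEY and
SAMPLE_PLAINTEXT are constructed values, not real Mystic Stealer data.
"""


def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for `key` (key scheduling + PRGA)."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:  # pseudo-random generation algorithm (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


# Constructed placeholder standing in for a key recovered from a sample.
PLACEHOLDER_KEY = b"placeholder-key"

# Constructed sample record of the kind a stealer beacon might carry
# (hostname, user, architecture), encrypted here so the example is offline.
SAMPLE_PLAINTEXT = b"hostname=WS-01;user=analyst;arch=x64"
SAMPLE_CAPTURE = rc4_crypt(PLACEHOLDER_KEY, SAMPLE_PLAINTEXT)


def decrypt_capture(key: bytes, captured: bytes) -> bytes:
    """Decrypt one captured C2 message with the recovered key."""
    return rc4_crypt(key, captured)


def looks_like_plaintext(data: bytes) -> bool:
    """Heuristic (an assumption of this example): a correct key should
    yield mostly printable ASCII, a wrong key yields random-looking bytes."""
    if not data:
        return False
    printable = sum(32 <= b < 127 for b in data)
    return printable >= 0.9 * len(data)


if __name__ == "__main__":
    out = decrypt_capture(PLACEHOLDER_KEY, SAMPLE_CAPTURE)
    print(out.decode(), looks_like_plaintext(out))
```

The `looks_like_plaintext` check is only a coarse way to tell a correct key from a wrong guess during triage; real beacons may carry binary fields, so treat it as a hint rather than proof of a correct key.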
New Mystic Stealer Malware
Mystic Stealer specializes in data theft and can steal a variety of different types of data.
It is intended to gather computer data such as the system hostname, user name, and GUID.
Additionally, it infers the likely geolocation of the system's user from the locale and keyboard layout. Mystic Stealer's capabilities also cover cryptocurrency wallets and web browsers: it collects wallet data, browser history, cookies, auto-fill data, and arbitrary files.
List Of System Data Gathered By The Malware
- Keyboard layout
- CPU information
- Number of CPU processors
- Screen dimensions
- Computer name
- Running processes
- System architecture
- Operating system version
Additionally, researchers note that some of the servers are hosted in Latvia, Bulgaria, and Russia.
IOCs shared by Zscaler:
C2 server endpoints observed in recent bot configurations