New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions

A new stealer malware is on the rise, designed to obtain user credentials to help attackers penetrate specific environments and obtain other information of financial value.

This spyware also targets Steam, Telegram, and cryptocurrency wallets. Additionally, Mystic implements a proprietary binary protocol that is encrypted with RC4.

New Mystic Stealer Malware

Mystic Stealer specializes in data theft and can steal a variety of different types of data.

It is intended to gather computer data such as the system hostname, user name, and GUID.

Additionally, it determines the likely geolocation of the system's user from the locale and keyboard layout. Mystic Stealer's functionality also allows key data to be extracted from cryptocurrency wallets and web browsers. It gathers information on cryptocurrency wallets, browser history, arbitrary files, cookies, and auto-fill data.

List Of System Data Gathered By The Malware

  • Keyboard layout
  • Locale
  • CPU information
  • Number of CPU processors
  • Screen dimensions
  • Computer name
  • Username
  • Running processes
  • System architecture
  • Operating system version

Additionally, researchers mention that some servers are hosted in Latvia, Bulgaria, and Russia.


IOCs shared by Zscaler:

C2 server endpoints observed in recent bot configurations


Sample hashes


