A new malware called Styx Stealer is targeting Windows computers and stealing cryptocurrency from users. The malware was discovered by cybersecurity firm Check Point Research in April 2024. Styx Stealer exploits a vulnerability in Windows Defender that was patched by Microsoft last year.
However, users with outdated systems are still at risk. The malware is an enhanced version of an older threat called Phemedrone Stealer. In addition to stealing saved passwords, cookies, auto-fill data, and instant messenger sessions, Styx Stealer has a new feature called crypto clipping.
This function monitors the clipboard for cryptocurrency wallet addresses and replaces them with the attacker’s address during transactions.
Crypto-stealing malware targets Windows users
The malware is available for rent on the developer’s website, with prices starting at $75 per month or $350 for a lifetime license.
Transactions can be made via Telegram using various cryptocurrencies. Check Point Research identified eight wallets belonging to the Turkey-based developer, which received around $9,500 in payments for the malware in its first two months. They also obtained the developer’s contact information, including Telegram accounts, email addresses, and phone numbers.
According to a recent report by Chainalysis, legitimate cryptocurrency activity is growing faster than illicit activity. However, the value of crypto stolen through hacking has increased, partly due to the recovery of Bitcoin prices. As cybersecurity threats continue to evolve, it is crucial for users to keep their systems updated and use strong security measures to protect against sophisticated attacks like Styx Stealer.