Mystic Stealer: Advanced Data Theft and Evasion
Mystic Stealer is an information stealer that targets close to 40 browsers and evades detection through a number of code-level obfuscation techniques. Its primary targets are cryptocurrency wallets and other applications that hold credentials or sensitive data. It also collects device information such as hostname, username, and geolocation, and harvests login credentials from clients such as Telegram and Steam. The stealer client is written in C and its control panel in Python; the client has no dependency on third-party libraries for decrypting its data. Mystic Stealer performs anti-virtualization checks, communicates with command and control (C2) servers to hand over stolen data, and includes loader functionality and a self-termination routine that fires once a built-in expiration date has passed.
C2 Server Interactions and Evasion Tactics
Mystic Stealer resolves the Windows API functions it needs at run time through a custom XOR-based hashing routine instead of importing them by name, and it decodes its constant values on the fly, so neither API names nor useful constants appear as plaintext in the binary. Collected data is tagged with binary markers and sent straight to the C2 server without ever being written to disk, which sidesteps file-based antivirus scanning. The malware can be configured with up to four C2 endpoints, so it keeps working when one is offline or blocked, and the connection to the C2 is encrypted. To frustrate analysis it compares the system time against a hard-coded expiration date and terminates once that date has passed, uses the CPUID instruction to detect virtual environments, and searches for strings associated with virtualization software that indicate a virtual machine. According to researchers, this detection code is derived from Pafish. Together these evasion techniques let Mystic Stealer operate covertly and reduce the chance of its being detected and removed.
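The import hashing described above is the reason a strings dump of such a sample shows no API names: the binary carries only 32-bit hash values and resolves them against export tables at run time. The added example below is not Mystic Stealer's code and the page does not give its actual hash routine or constants; it uses plain 32-bit FNV-1a (an XOR-then-multiply rolling hash) as a stand-in, and the export list and "constants found in a sample" are constructed for the example. It shows the analyst's side of the problem: precompute hashes for candidate export names and map the constants pulled from a disassembly back to names.

```python
"""
Illustrative API-hash resolution in the style of the dynamic import hashing
described above. The hash function and its seed are assumptions for this
example (32-bit FNV-1a), not Mystic Stealer's actual algorithm or constants.
"""
from __future__ import annotations

# Assumed parameters: the standard 32-bit FNV-1a offset basis and prime.
SEED = 0x811C9DC5
MUL = 0x01000193
MASK = 0xFFFFFFFF


def api_hash(name: str, seed: int = SEED) -> int:
    """Hash an API name: XOR each ASCII byte into the state, then multiply.

    A stealer embeds only these 32-bit values. At run time it walks the
    export table of the target DLL, hashes each export name with the same
    routine and compares against the stored value, so the plaintext API
    name never appears in the binary.
    """
    h = seed
    for b in name.encode("ascii"):
        h = ((h ^ b) * MUL) & MASK
    return h


def build_hash_table(api_names) -> dict[int, str]:
    """Precompute hash -> name for every export the analyst wants resolved."""
    table: dict[int, str] = {}
    for name in api_names:
        h = api_hash(name)
        if h in table and table[h] != name:
            raise ValueError(f"hash collision between {table[h]!r} and {name!r}")
        table[h] = name
    return table


def resolve_hashes(constants, table: dict[int, str]) -> dict[int, str | None]:
    """Map 32-bit constants pulled from a disassembly back to API names.

    A constant with no match comes back as None: either the sample uses a
    different hash routine or seed, or the export list fed to
    build_hash_table is incomplete.
    """
    return {c: table.get(c & MASK) for c in constants}


# Constructed export list: a handful of kernel32 names a stealer typically needs.
KERNEL32_EXPORTS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect",
    "CreateFileW", "ReadFile", "WriteFile", "GetComputerNameW",
    "GetSystemTime", "ExitProcess", "CreateThread", "Sleep",
]

# Constructed "constants found in a sample": hashes of three real exports plus
# one value (0x11111111) that is expected to remain unresolved.
SAMPLE_CONSTANTS = [
    api_hash("LoadLibraryA"),
    api_hash("GetProcAddress"),
    api_hash("VirtualAlloc"),
    0x11111111,
]


def resolve_sample() -> dict[int, str | None]:
    """Resolve the constructed constants against the constructed export list."""
    return resolve_hashes(SAMPLE_CONSTANTS, build_hash_table(KERNEL32_EXPORTS))


if __name__ == "__main__":
    for value, name in resolve_sample().items():
        print(f"0x{value:08x} -> {name or '<unresolved>'}")
```

Running the block prints one line per constant, with the last one marked unresolved. In practice the export list is generated from the real DLLs of the Windows version the sample targets, and the hash routine is transcribed from the sample's own resolver; once the routine is known, the recovered hash constants are stable across builds that share it and make a useful signature even though no API names are present.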
Data Exfiltration: Mystic Stealer’s Targeted Pilfering
Mystic Stealer's exfiltration is selective rather than indiscriminate. It pulls specific high-value items from the infected machine, namely saved passwords, browser data, cryptocurrency wallets, and device information, and sends only those to its operators, which maximizes the value of each infection for credential theft and espionage while keeping the volume of traffic to the C2 low.