Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Cohesity Extends Cyber Resilience Leadership with New Security Innovat...
Cohesity and Semperis Announce Groundbreaking Offering that Unifies Da...
French luxury conglomerate announces massive April 2025 multi-brand da...
Four CVSS 9.8 vulnerabilities in failure simulation tool expose Kubern...
The future of video security: Poll finds surge in large-scale AI deplo...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Combating the surge in Asia Pacific credential abuse and ransomware

      Combating the surge in Asia Pacific credential abuse and ransomware

      Wednesday, September 17, 2025, 5:06 PM Asia/Singapore | Features
    • Featured

      The rise of digital wallets: What businesses in APAC need to know

      The rise of digital wallets: What businesses in APAC need to know

      Tuesday, September 2, 2025, 1:59 PM Asia/Singapore | Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Features
    • Featured

      Combating the surge in Asia Pacific credential abuse and ransomware

      Combating the surge in Asia Pacific credential abuse and ransomware

      Wednesday, September 17, 2025, 5:06 PM Asia/Singapore | Features
    • Featured

      The rise of digital wallets: What businesses in APAC need to know

      The rise of digital wallets: What businesses in APAC need to know

      Tuesday, September 2, 2025, 1:59 PM Asia/Singapore | Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning
News

Developer of new info/crypto-stealer malware commits a security lapse

By CybersecAsia editors | Tuesday, August 27, 2024, 1:57 PM Asia/Singapore

Developer of new info/crypto-stealer malware commits a security lapse

The use of a familiar Bot API for data exfiltration leads to the authentication token being derived from malware sample

Recently, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency assets was discovered by cybersecurity — due to a hacker’s negligence.

The malware is derived from Phemedrone Stealer, notorious for exploiting the CVE-2023-36025 vulnerability in the Microsoft Windows Defender SmartScreen function. While it inherits the former malware’s core functions, this derivative includes enhanced capabilities: a persistence mechanism; a clipboard monitor and crypto-clipper, and additional sandbox evasion, and anti-analysis techniques.

Dubbed Styx Stealer by its authors on the sales ad on the Dark Web, the malware is capable of stealing cryptocurrency during a transaction, by substituting the original wallet address saved in the clipboard with the attacker’s wallet address. The persistence mechanism ensures that the malware remains active on the victim’s system even after a reboot, allowing the crypto-clipper to operate continuously, and increasing the chances of successful cryptocurrency theft.

However, despite its powerful evasion features, Styx Stealer also harbors a “fatal error” made by its developer(s). The campaign uses the Telegram Bot API for data exfiltration. However, this method has a significant flaw: each malware sample must contain a ‘bot token’ for authentication. Decrypting the malware to extract this token provides access to all data sent via the bot, exposing the recipient account. Subsequently, via this approach, researchers managed to intercept a document from the debugging processes in the developer’s computer. The intercepted file contained screenshots of the Visual Studio integrated development environment project “PhemedroneStealer” featuring a Telegram Bot token and chat ID — matching what a sample of Agent Tesla contains.

Before long, all the intercepted clues had led to Check Point Research analysts connecting the dots and even intercepting other files that reveal the threat group’s operational details.

According to the firm’s blog, “The creator of Styx Stealer revealed his personal details, including Telegram accounts, emails, and contacts… the slightest mistake can lead to the de-anonymization and exposure of not only the individuals involved but also their associates, as demonstrated in this case. Even if these criminals are not arrested after being exposed, they will be fully aware that their activities will be under close watch. Continuing their criminal actions only strengthens the evidence against them.”

Share:

Previous‘The Charge of Change’: Dahua Technology Unveils D-Volt Intelligent EV Charging Solution
NextFighting AI with AI in banking and finance

Related Posts

Fighting digitalized cybercriminals with autonomous AI defense solutions: AI vs AI

Fighting digitalized cybercriminals with autonomous AI defense solutions: AI vs AI

Tuesday, November 24, 2020

Nan Fung Group rolls out secure NFC building access app for Apple Wallet users

Nan Fung Group rolls out secure NFC building access app for Apple Wallet users

Tuesday, July 2, 2024

Weighing the shortages and imbalances in cyber budgets, talent pools and human judgement

Weighing the shortages and imbalances in cyber budgets, talent pools and human judgement

Tuesday, March 12, 2024

Will robocall fraud start to decline in 2026 with stronger regulations?

Will robocall fraud start to decline in 2026 with stronger regulations?

Tuesday, June 17, 2025

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.