New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers

Status
Not open for further replies.

Parkinsond
Thread author
Dec 6, 2023
The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics, combining modern programming techniques with traditional social engineering methods to compromise user credentials and financial information.

The threat actors behind this operation maintain multiple Telegram channels for distribution, updates, and even customer testimonials, demonstrating a professional approach to cybercrime infrastructure.

Trellix researchers identified this fully undetected malware sample during routine proactive threat hunting activities, revealing its sophisticated architecture and evasion capabilities. The research team discovered that the malware targets an extensive range of applications, including popular browsers like Chrome, Firefox, Edge, Opera, and Brave, along with communication platforms such as Discord and various specialized browsers used globally.

The distribution mechanism relies heavily on social engineering, with attackers disguising the malware as legitimate gaming software, cheat tools, or beta versions of popular games.

Victims typically encounter the malware through password-protected RAR files, where the password often follows predictable patterns like the game name suffixed with “beta” or “alpha”.

In some instances, threat actors have posted malicious links in online forums, even providing VirusTotal reports showing zero detections to establish credibility within gaming communities.

"The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics, combining modern programming techniques with traditional social engineering methods to compromise user credentials and financial information."

This is a stealer type that everyone has seen before. Why is this one special?

This is a stealer type that everyone has seen before. Why is this one special?
Most notably, it employs string obfuscation using the Rust crate obfstr, which transforms readable strings into complex XOR operations that significantly complicate reverse engineering efforts.

The malware also implements comprehensive sandbox detection by checking for specific usernames and system files commonly associated with analysis environments, immediately terminating execution if such indicators are detected.
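The two points in the reply above, compile-time XOR string obfuscation in the style of obfstr and a username check against sandbox indicators, in one added Rust example. This is illustrative code written for this thread, not code from Myth Stealer, from Trellix, or from the obfstr crate: it re-implements the general scheme obfstr uses (string literals are XOR-encoded by a `const fn` so only the encoded bytes and the key reach the binary, and they are decoded on demand at runtime) with a constructed key and a constructed indicator list. `Obf`, `KEY`, `INDICATOR_USERS`, `is_indicator_user` and `contains` are names invented here; the usernames are placeholders, not the list from the sample.

```rust
// Added example: obfstr-style compile-time XOR string obfuscation, plus a
// username check that uses the obfuscated strings. Not obfstr's code; the key
// and the indicator strings are constructed for illustration.

/// Upper bound on the length of one obfuscated string (constructed limit).
const MAX: usize = 32;

/// Constructed 8-byte rolling key. In a real build this would differ per string.
const KEY: [u8; 8] = [0x5a, 0x13, 0xc7, 0x88, 0x21, 0xf0, 0x3e, 0x69];

/// An obfuscated string: XOR-encoded bytes, the live length and the key.
/// `new` is a `const fn`, so the plaintext is consumed at compile time and
/// only `data` and `key` end up in the binary's data section.
pub struct Obf {
    data: [u8; MAX],
    len: usize,
    key: [u8; 8],
}

impl Obf {
    /// Encode at compile time: byte i is XORed with key[i % 8] and with i itself,
    /// so repeated plaintext bytes do not produce repeated ciphertext bytes.
    pub const fn new(plain: &[u8], key: [u8; 8]) -> Self {
        assert!(plain.len() <= MAX);
        let mut data = [0u8; MAX];
        let mut i = 0;
        while i < plain.len() {
            data[i] = plain[i] ^ key[i % 8] ^ (i as u8);
            i += 1;
        }
        Self { data, len: plain.len(), key }
    }

    /// Decode at runtime into a fresh String; the caller drops it when done.
    pub fn reveal(&self) -> String {
        let mut out = Vec::with_capacity(self.len);
        for i in 0..self.len {
            out.push(self.data[i] ^ self.key[i % 8] ^ (i as u8));
        }
        String::from_utf8(out).expect("obfuscated input was valid UTF-8")
    }

    /// The bytes as they sit in the binary (what `strings` or a YARA literal sees).
    pub fn stored(&self) -> &[u8] {
        &self.data[..self.len]
    }
}

/// Plain substring search over raw bytes, standing in for a `strings`-style scan.
pub fn contains(haystack: &[u8], needle: &[u8]) -> bool {
    needle.is_empty() || haystack.windows(needle.len()).any(|w| w == needle)
}

/// Constructed indicator list: usernames a sample might treat as "analysis
/// environment". Each entry is encoded at compile time; none is a literal.
pub static INDICATOR_USERS: [Obf; 3] = [
    Obf::new(b"sandbox", KEY),
    Obf::new(b"malware", KEY),
    Obf::new(b"analyst", KEY),
];

/// The sandbox-style check: decode each indicator on demand and compare
/// case-insensitively (Windows usernames are not case-sensitive).
pub fn is_indicator_user(name: &str) -> bool {
    INDICATOR_USERS
        .iter()
        .any(|o| o.reveal().eq_ignore_ascii_case(name))
}

fn main() {
    for o in INDICATOR_USERS.iter() {
        println!(
            "stored {:02x?} -> \"{}\" (plaintext visible in stored bytes: {})",
            o.stored(),
            o.reveal(),
            contains(o.stored(), o.reveal().as_bytes())
        );
    }
    // Report only; a stealer would terminate here instead.
    let me = std::env::var("USERNAME")
        .or_else(|_| std::env::var("USER"))
        .unwrap_or_default();
    println!("current user {:?} matches an indicator: {}", me, is_indicator_user(&me));
}
```

Build with `rustc main.rs && ./main`. The point for triage: `strings`, a YARA rule on the literal "sandbox", or grepping the sample for browser names will all come up empty, because no plaintext exists in the file. The key and the decode loop do exist in the file, so the strings are still recoverable: locate the XOR loop (or dump process memory after the check runs) and apply the same transform, which is exactly what `reveal` does. Detections that survive this kind of obfuscation key on the decode routine's code pattern or on runtime behaviour, not on string literals.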