Cybersecurity researchers have uncovered a new Rust-based information stealer, dubbed Myth Stealer, actively targeting Chrome and Firefox users. This sophisticated malware is primarily spread through deceptive fake gaming websites, tricking users into downloading what they believe are legitimate applications or game cheats, while secretly compromising their sensitive data.

Myth Stealer: A New Threat Emerges

Myth Stealer, initially offered as a free beta on Telegram in late December 2024, has quickly evolved into a malware-as-a-service (MaaS) model. It is designed to pilfer passwords, cookies, and autofill information from a wide array of Chromium- and Gecko-based browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and Mozilla Firefox.

Distribution Tactics

The malware's operators employ various deceptive methods for distribution:

• Fake Gaming Websites: The primary vector involves fraudulent websites, some hosted on platforms like Google's Blogger, that offer video games under the guise of testing. These sites are visually similar to those used for other stealers, though Myth Stealer is distinct in its Rust-based architecture.

• Cracked Software: Myth Stealer has also been found disguised as cracked versions of game cheating software, such as DDrace, distributed on online forums.

Operational Mechanics

Upon execution, Myth Stealer displays a fake setup window to mislead users into believing a legitimate application is being installed. Simultaneously, it decrypts and launches its malicious stealer component in the background. This 64-bit DLL file attempts to terminate running browser processes before exfiltrating stolen data to a remote server or a Discord webhook. The malware also incorporates anti-analysis techniques like string obfuscation and system checks to evade detection.

Key Takeaways

• Myth Stealer is a Rust-based information stealer targeting major web browsers.

• It is primarily distributed through fake gaming websites and cracked software.

• The malware uses deceptive interfaces and anti-analysis techniques.

• Operators initially marketed it on Telegram, transitioning to a MaaS model.

• Users should exercise extreme caution when downloading software from unofficial sources, especially gaming-related content.

Broader Malware Landscape

The emergence of Myth Stealer highlights a growing trend of malware distribution through game-related lures. Other recent examples include:

• Blitz Malware: Spread via backdoored game cheats and cracked installers, Blitz is a Windows malware with capabilities for keylogging, screenshots, file manipulation, and even denial-of-service attacks. Its components and C2 infrastructure were notably hosted on Hugging Face Space.

• DuplexSpy RAT: A C#-based remote access trojan published on GitHub, DuplexSpy RAT offers extensive surveillance and control features, including keylogging, screen capture, webcam/audio spying, and remote shell access. It can also enforce a fake lock screen to manipulate victims.

These developments underscore the persistent threat posed by sophisticated malware and the importance of vigilance when interacting with online content, particularly from unverified sources. As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users, The Hacker News.