
Myth Stealer Malware

Cybersecurity researchers have uncovered a previously undocumented information-stealing malware written in Rust, known as Myth Stealer. This malicious software is being spread via fraudulent gaming websites. Once executed, it displays a fake installation window to appear legitimate while secretly decrypting and launching its malicious payload in the background.

From Freeware to Full-Fledged Malware-as-a-Service

Initially introduced for free in its beta version on Telegram in late December 2024, Myth Stealer has since evolved into a Malware-as-a-Service (MaaS). It is designed to harvest sensitive information such as passwords, cookies, and autofill data from Chromium- and Gecko-based browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and Mozilla Firefox.

Telegram Tactics and Marketplace Activity

Operators behind Myth Stealer maintained multiple Telegram channels used for advertising stolen accounts and sharing user testimonials. These channels have since been taken down by Telegram, disrupting one of the malware's primary marketing and support avenues.

Fake Game Sites Fuel the Spread

Researchers have linked the distribution of Myth Stealer to deceptive gaming websites, including one hosted on Google's Blogger platform. These sites pose as test platforms for video games to lure unsuspecting users. Interestingly, a nearly identical Blogger page was previously used to distribute another stealer named AgeoStealer.

Myth Stealer vs. AgeoStealer: Similar Tactics, Different Code

Despite the similarities in their delivery methods, no technical connection has been found between Myth Stealer and AgeoStealer. While AgeoStealer is developed in JavaScript and packaged as an Electron app, Myth Stealer is distinctly built using the Rust programming language.

Cracked Software and Forum Bait

Myth Stealer has also been spotted on online forums masquerading as a cracked version of DDrace, a piece of game-cheating software. This points to a broader and varied distribution strategy designed to trap unsuspecting gamers and cheat-seekers.

Sleight of Hand: Deceptive Execution Process

Regardless of how it's delivered, the malware's loader presents a fake setup window to maintain the illusion of legitimacy. Behind the scenes, it decrypts and runs the stealer component, initiating the data theft process without the user's knowledge.

Stealing in Stealth: Technical Capabilities

Within its 64-bit DLL payload, Myth Stealer attempts to terminate active browser processes before extracting data. It exfiltrates stolen information to a remote server or, in some instances, to a Discord webhook.
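The sequence described above (browser termination, then data extraction, then exfiltration) can be turned into a behavioural correlation over endpoint telemetry. The following is an added example, not code from the original report: the event schema, the 120-second window, the severity labels and the sample events are assumptions, while the store file names and the Discord webhook URL path are the well-known ones.

```python
from collections import defaultdict

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe", "firefox.exe"}
# Well-known credential and cookie store file names (Chromium family, then Firefox).
STORES = ("login data", "cookies", "web data", "logins.json", "cookies.sqlite")
WEBHOOK = "discord.com/api/webhooks/"
WINDOW = 120  # assumed correlation window, in seconds

# Constructed sample telemetry; names, PIDs and paths are illustrative only.
EVENTS = [
    {"t": 100, "pid": 4120, "image": "game_setup.exe", "type": "terminate", "target": "chrome.exe"},
    {"t": 101, "pid": 4120, "image": "game_setup.exe", "type": "terminate", "target": "firefox.exe"},
    {"t": 104, "pid": 4120, "image": "game_setup.exe", "type": "file_read",
     "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"t": 109, "pid": 4120, "image": "game_setup.exe", "type": "net",
     "target": "https://discord.com/api/webhooks/000000/PLACEHOLDER"},
    {"t": 200, "pid": 812, "image": "chrome.exe", "type": "file_read",
     "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"t": 300, "pid": 990, "image": "updater.exe", "type": "terminate", "target": "msedge.exe"},
]

def find_stealer_behaviour(events, window=WINDOW):
    """Flag non-browser processes that kill a browser and then read its stores."""
    by_proc = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        if e["image"].lower() not in BROWSERS:  # a browser reading its own files is normal
            by_proc[(e["pid"], e["image"])].append(e)
    findings = []
    for (pid, image), evs in by_proc.items():
        kill = next((e for e in evs if e["type"] == "terminate"
                     and e["target"].lower() in BROWSERS), None)
        if kill is None:
            continue
        later = [e for e in evs if 0 <= e["t"] - kill["t"] <= window]
        reads = [e for e in later if e["type"] == "file_read"
                 and e["target"].lower().endswith(STORES)]
        if not reads:
            continue  # killing a browser alone (e.g. an updater) is not enough
        webhook = any(e["type"] == "net" and WEBHOOK in e["target"].lower()
                      and e["t"] >= reads[0]["t"] for e in later)
        findings.append({"pid": pid, "image": image, "discord_webhook": webhook,
                         "stores": [e["target"] for e in reads],
                         "severity": "high" if webhook else "medium"})
    return findings

if __name__ == "__main__":
    for f in find_stealer_behaviour(EVENTS):
        print(f)
```

Because exfiltration may also go to an ordinary remote server, the kill-then-read pair is reported on its own and the webhook connection only raises the severity.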

Evading Detection: Evolving Tactics

Myth Stealer incorporates anti-analysis techniques, such as string obfuscation and system checks based on filenames and usernames. The developers frequently update the malware to evade antivirus detection and have added features like screen capture and clipboard hijacking to expand its capabilities.

Conclusion: A Rising Threat in the Malware Landscape

Myth Stealer represents a sophisticated and evolving threat, leveraging modern malware development practices, multi-channel distribution strategies, and evasive techniques. Its emergence underscores the growing risks of downloading software from untrusted sources, particularly in the gaming community.
