_sleepyfellow_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![watchOS 26 May Bring Third-Party Widgets to Control Center [Report]](https://www.iclarified.com/images/news/97520/97520/97520-640.jpg)
![AirPods Pro 2 On Sale for $169 — Save $80! [Deal]](https://www.iclarified.com/images/news/97526/97526/97526-640.jpg)
_Michael_Vi_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![[The AI Show Episode 151]: Anthropic CEO: AI Will Destroy 50% of Entry-Level Jobs, Veo 3’s Scary Lifelike Videos, Meta Aims to Fully Automate Ads & Perplexity’s Burning Cash](https://www.marketingaiinstitute.com/hubfs/ep%20151%20cover.png)
![From electrical engineering student to CTO with Hitesh Choudhary [Podcast #175]](https://cdn.hashnode.com/res/hashnode/image/upload/v1749158756824/3996a2ad-53e5-4a8f-ab97-2c77a6f66ba3.png?#)
![[FREE EBOOKS] Solutions Architect’s Handbook, Continuous Testing, Quality, Security, and Feedback & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers
A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics, combining modern programming techniques with traditional social engineering methods to compromise user credentials and financial […] The post New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers appeared first on Cyber Security News.
A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers.
The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics, combining modern programming techniques with traditional social engineering methods to compromise user credentials and financial information.
.webp)
The malware has been actively distributed since late December 2024 through an organized network of fraudulent gaming websites and Telegram channels.
Initially offered as a free trial to attract users, Myth Stealer has since transitioned to a subscription-based model, with cybercriminals purchasing weekly and monthly access using cryptocurrency and Razer Gold payments.
The threat actors behind this operation maintain multiple Telegram channels for distribution, updates, and even customer testimonials, demonstrating a professional approach to cybercrime infrastructure.
.webp)
Trellix researchers identified this fully undetected malware sample during routine proactive threat hunting activities, revealing its sophisticated architecture and evasion capabilities.
The research team discovered that the malware targets an extensive range of applications, including popular browsers like Chrome, Firefox, Edge, Opera, and Brave, along with communication platforms such as Discord and various specialized browsers used globally.
The distribution mechanism relies heavily on social engineering, with attackers disguising the malware as legitimate gaming software, cheat tools, or beta versions of popular games.
Victims typically encounter the malware through password-protected RAR files, where the password often follows predictable patterns like the game name suffixed with “beta” or “alpha”.
In some instances, threat actors have posted malicious links in online forums, even providing VirusTotal reports showing zero detections to establish credibility within gaming communities.
Advanced Infection and Evasion Mechanisms
The technical sophistication of Myth Stealer becomes apparent through its multi-layered infection process and comprehensive evasion strategies.
Upon execution, the malware employs a loader component that displays convincing fake windows to victims while simultaneously decrypting and executing the actual stealer payload in the background.
.webp)
These deceptive interfaces utilize Rust crates such as native-windows-gui, egui, or native_dialog to create authentic-looking application windows that mask the malicious activity occurring behind the scenes.
The stealer component itself is implemented as a 64-bit DLL file with sophisticated anti-analysis features.
Most notably, it employs string obfuscation using the Rust crate obfstr, which transforms readable strings into complex XOR operations that significantly complicate reverse engineering efforts.
The malware also implements comprehensive sandbox detection by checking for specific usernames and system files commonly associated with analysis environments, immediately terminating execution if such indicators are detected.
For Chromium-based browsers, Myth Stealer employs a particularly clever technique involving remote debugging capabilities.
The malware launches browser processes with specific parameters including “–remote-debugging-port=9222”, “–remote-allow-origins=*”, and “–headless” to establish a debugging session that enables direct access to browser data without traditional file-based extraction methods.
In recent versions, the malware attempts to escalate privileges using the Windows ShellExecuteW API with “runas” parameters, enhancing its ability to access protected browser databases.
The persistence mechanism demonstrates equal sophistication, creating a file named “winlnk.exe” in the user’s AppData\Roaming directory while establishing custom registry entries that associate a fake “.lnkk” file extension with the malware executable.
This approach ensures the malware survives system restarts while maintaining a low profile that evades standard security monitoring focused on conventional persistence techniques.
Speed up and enrich threat investigations with Threat Intelligence Lookup! -> 50 trial search requests
The post New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers appeared first on Cyber Security News.
