Unpacking Myth Stealer: A New Cyber Threat Emerging from Gaming Websites
Introduction to Myth Stealer
Cybersecurity experts have recently uncovered a distinctive threat known as Myth Stealer, which is a Rust-based information stealer. This malware is predominantly spread through counterfeit gaming websites that lure unsuspecting users with the promise of free games. The research conducted by Trellix revealed the intricate operations behind this malware and its deceptive tactics designed to extract sensitive information from users.
How Myth Stealer Functions
Upon installation, Myth Stealer presents a deceptive window that mimics a legitimate application. While users are led to believe they are interacting with a harmless interface, the malware concurrently decrypts and executes malicious code behind the scenes. This dual-operation model makes it particularly insidious, as users remain oblivious to the threat.
Originally launched on Telegram in December 2024 as a beta version, Myth Stealer has since transitioned to a malware-as-a-service (MaaS) framework. Its capabilities include stealing passwords, cookies, and autofill data from various web browsers like Google Chrome, Microsoft Edge, Opera, and Mozilla Firefox.
Distribution Channels and Tactics
The distribution of Myth Stealer is cleverly masked through fake gaming websites. One notable site, hosted on Google’s Blogger, promotes various games supposedly for testing purposes. The tactics used here are not new; a similar platform was previously utilized to distribute another malware variant known as AgeoStealer.
Researchers from Trellix also identified instances where Myth Stealer was disguised as a cracked version of game cheating software called DDrace, further illustrating the diverse methods employed to disseminate this threat.
Deceptive Practices of the Malware
The downloaded loader of Myth Stealer convinces users of its legitimacy by displaying a counterfeit setup window. Simultaneously, it works to terminate processes linked to popular web browsers, allowing it to capture and exfiltrate sensitive data to a remote server or specialized Discord webhook.
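The sequence described above, a non-browser process terminating browser processes and then sending data to a Discord webhook, can be expressed as a correlation rule for defenders. The following Python is an added example, not code from Trellix or the original article. The normalized event schema, field names, process names and 5-minute window are assumptions (URL paths would come from proxy or TLS-inspection logs), and the sample events are constructed.

```python
from datetime import datetime, timedelta

BROWSERS = {"chrome.exe", "msedge.exe", "opera.exe", "firefox.exe"}
WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
WINDOW = timedelta(minutes=5)  # assumed correlation window, tune per environment

def ev(ts, host, kind, actor, pid, **extra):
    return {"ts": ts, "host": host, "type": kind, "actor": actor, "pid": pid, **extra}

# Constructed sample events in a hypothetical normalized EDR/proxy schema.
EVENTS = [
    ev("2025-06-01T10:00:01", "pc1", "proc_kill", "setup_game.exe", 4120, target="chrome.exe"),
    ev("2025-06-01T10:00:02", "pc1", "proc_kill", "setup_game.exe", 4120, target="msedge.exe"),
    ev("2025-06-01T10:00:40", "pc1", "net_connect", "setup_game.exe", 4120,
       dest="discord.com", path="/api/webhooks/0000/EXAMPLE"),
    # Browser ending its own child process: not suspicious.
    ev("2025-06-01T11:00:00", "pc2", "proc_kill", "chrome.exe", 900, target="chrome.exe"),
    # Webhook traffic with no preceding browser kill.
    ev("2025-06-01T11:05:00", "pc2", "net_connect", "notifier.exe", 77,
       dest="discord.com", path="/api/webhooks/0000/EXAMPLE"),
    # Browser kill followed by webhook traffic outside the window.
    ev("2025-06-01T09:00:00", "pc3", "proc_kill", "cleanup.exe", 500, target="firefox.exe"),
    ev("2025-06-01T09:30:00", "pc3", "net_connect", "cleanup.exe", 500,
       dest="discord.com", path="/api/webhooks/0000/EXAMPLE"),
]

def is_webhook(e):
    return e["dest"].lower() in WEBHOOK_HOSTS and e["path"].lower().startswith("/api/webhooks/")

def detect(events, window=WINDOW):
    """Alert when a non-browser process kills browsers, then posts to a Discord webhook."""
    kills, alerts = {}, []
    for e in sorted(events, key=lambda x: x["ts"]):
        ts, key = datetime.fromisoformat(e["ts"]), (e["host"], e["pid"])
        if e["type"] == "proc_kill":
            if e["target"].lower() in BROWSERS and e["actor"].lower() not in BROWSERS:
                rec = kills.setdefault(key, {"last": ts, "targets": set()})
                rec["last"] = ts
                rec["targets"].add(e["target"].lower())
        elif e["type"] == "net_connect" and is_webhook(e) and key in kills:
            rec = kills.pop(key)  # one verdict per killing process
            if ts - rec["last"] <= window:
                alerts.append({"host": e["host"], "process": e["actor"], "pid": e["pid"],
                               "browsers_killed": sorted(rec["targets"]),
                               "delay_s": int((ts - rec["last"]).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Only the pc1 sequence alerts; the browser's own child cleanup, the standalone webhook call, and the out-of-window pair on pc3 do not.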
The malware incorporates anti-analysis features, such as string obfuscation and system checks that inspect filenames and user names. Its developers continually update the code to stay ahead of antivirus detection while adding new functionality such as screen capture and clipboard hijacking.
Comparison with Other Malware Threats
Interestingly, Myth Stealer is not alone in using gaming-related bait to distribute malicious software. Palo Alto Networks recently reported on another malware variant dubbed Blitz, which spreads via backdoored game cheats and pirated software installers. Blitz operates in a two-stage process: first, it deploys a downloader, which in turn installs a bot payload capable of keylogging, taking screenshots, and even launching a denial-of-service attack.
Blitz was primarily disseminated through an attacker-controlled Telegram channel, and it notably utilized a Hugging Face Space for hosting aspects of its command-and-control infrastructure. Following responsible disclosure, Hugging Face restricted the associated user account.
Recent Developments in Malware Landscape
As of late April 2025, Blitz recorded approximately 289 infections across 26 countries, notably in Eastern Europe. The developers of Blitz recently expressed intentions to cease operations upon discovering trojan components embedded in their cheat software, even providing tools for removal.
In addition to these threats, cybersecurity firm CYFIRMA disclosed a new C#-based remote access trojan (RAT) named DuplexSpy RAT, which is designed for extensive surveillance and control over compromised systems. DuplexSpy RAT boasts features like screen capturing, keylogging, and the ability to remotely execute commands, all functioning under a fake lock screen that deceives users into believing their system has frozen.
Conclusion
The revelation of Myth Stealer and its methods underscores the ever-evolving nature of cyber threats. As gaming-related malware continues to proliferate, awareness and proactive cybersecurity measures remain paramount for users navigating the online landscape. As these malicious actors refine their strategies, both individuals and organizations must stay vigilant against the risks posed by such sophisticated and cleverly disguised threats.