Rust-based Myth Stealer Malware Campaign Targeting Browser Users
June 12th, 2025
Severity Level: Medium

Technical Details
Malware Family: Myth Stealer.
Language Used: Rust.
Distribution Vector: Fake game distribution sites offering pirated games or free game downloads.
Target Applications: Chrome, Firefox, Chromium-based browsers, cryptocurrency wallets.
Capabilities: Credential theft, cookie theft, system info collection, clipboard monitoring.
Upon execution, the Myth stealer collects a wide array of data, including:
Saved passwords from browsers.
Cookies and autofill data.
Installed application lists.
System information (CPU, GPU, OS version, etc.).
Crypto wallet data (MetaMask, Exodus, etc.).
Clipboard content.
The malware is developed using Rust, which provides high performance and cross-platform compatibility. It uses obfuscation techniques to avoid detection by standard antivirus software. Data is exfiltrated via encrypted HTTP POST requests directed to a command-and-control infrastructure managed by the attacker.
Security researchers have discovered a new malware campaign involving a Rust-based information stealer called Myth. This malware is actively distributed through fake gaming websites and primarily targets users of Google Chrome and Mozilla Firefox browsers. Its main goal is to exfiltrate sensitive data, including login credentials, cookies, browsing history, and cryptocurrency wallet information.
The malware is distributed through fake websites that disguise themselves as legitimate platforms offering popular pirated or free PC games. Once installed, the malware runs quietly in the background, gathering information from the browser and the system before sending it to a command-and-control (C2) server controlled by an attacker.

Impact
Successful infection with Myth Stealer can result in:
Credential theft for social media, banking, and gaming accounts.
Loss of cryptocurrency assets due to stolen wallet data.
Exfiltration of sensitive corporate data if run on enterprise systems.
User surveillance through browser and system profiling.
The campaign targets a wide range of users, including gamers and individuals interested in pirated or free software, posing a threat to both individual and enterprise environments.

Detection Method
To detect potential infection:
Review Browser Artifacts: Look for any unusual browser extensions, changed settings, or credential leaks.
Monitor Network Traffic: Check for encrypted POST requests directed at unknown or suspicious C2 domains.
Check File System and Process Activity: Look for Rust-compiled executables operating from temporary directories or downloads.
Endpoint Scanning: Utilize Endpoint Detection and Response (EDR) tools to identify and flag suspicious processes that are accessing browser data and wallet directories.
Security monitoring systems should look for:
Stealer behavior patterns (e.g., accessing files in browser profile directories).
Obfuscated Rust binaries.
Traffic to unusual IPs or domains shortly after downloading gaming-related content.
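
The file-system and process check above, as an added example (not part of the original advisory or of any vendor tooling): it flags processes launched from Temp or Downloads that read several distinct browser credential stores or wallet folders. The event fields (pid, image, target) and the sample events are constructed assumptions; map them to whatever file-access telemetry your EDR exports.

```python
from collections import defaultdict

# Path marker -> store label. File names are the standard Chromium/Firefox
# profile stores; wallet markers cover the wallets named in the advisory.
STORES = {
    "\\login data": "chromium-passwords",
    "\\web data": "chromium-autofill",
    "\\network\\cookies": "chromium-cookies",
    "\\logins.json": "firefox-passwords",
    "\\key4.db": "firefox-passwords",
    "\\cookies.sqlite": "firefox-cookies",
    "\\nkbihfbeogaeaoehlefnkodbefgpgknn": "metamask",  # MetaMask extension ID
    "\\exodus.wallet": "exodus",
}
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\")

def classify(target):
    """Return the store label for a file path, or None if not sensitive."""
    path = target.lower()
    return next((lbl for m, lbl in STORES.items() if m in path), None)

def flag_stealer_like(events, min_stores=2):
    """Map (pid, image) -> labels for staged processes touching >= min_stores stores."""
    touched = defaultdict(set)
    for ev in events:
        if not any(d in ev["image"].lower() for d in STAGING_DIRS):
            continue  # installed browsers under Program Files fall out here
        label = classify(ev["target"])
        if label:
            touched[(ev["pid"], ev["image"])].add(label)
    return {k: sorted(v) for k, v in touched.items() if len(v) >= min_stores}

# Constructed sample events (hypothetical field names, not a real log schema).
U = "C:\\Users\\alice"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "target": U + "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 7788, "image": U + "\\Downloads\\GameSetup.exe",
     "target": U + "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 7788, "image": U + "\\Downloads\\GameSetup.exe",
     "target": U + "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x.default\\logins.json"},
    {"pid": 7788, "image": U + "\\Downloads\\GameSetup.exe",
     "target": U + "\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"pid": 9001, "image": U + "\\AppData\\Local\\Temp\\updater.exe",
     "target": U + "\\AppData\\Local\\Temp\\update.log"},
]

if __name__ == "__main__":
    print(flag_stealer_like(SAMPLE_EVENTS))
```

Requiring two or more distinct stores keeps a single stray read from alerting; a portable browser run from Downloads would still match and needs an allowlist.
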
Indicators of Compromise
There are no Indicators of Compromise (IOCs) for this advisory.

Recommendations
Avoid Untrusted Sources: Do not download games or software from unofficial or cracked sites.
Endpoint Protection: Implement advanced EDR solutions capable of detecting Rust-compiled binaries and memory-resident stealers.
Browser Hardening: Utilize password managers and disable password saving in browsers.
Network Monitoring: Monitor outbound connections for indicators of command and control (C2) communication.
Educate Users: Conduct awareness campaigns about the risks of downloading pirated games or software.
Conclusion
The Myth Stealer campaign highlights the growing sophistication of malware that is distributed through social engineering and user deception. By utilizing Rust for enhanced performance and stealth, this malware poses a significant threat to both individuals and organizations due to its extensive capabilities for data theft. To mitigate this risk, organizations must implement proactive defensive measures, such as endpoint monitoring, increase user awareness through training, and avoid using pirated content.