
Check Point Research

Crypto-Stealing Malware ‘Styx Stealer’ Exposed by Hacker’s Critical Mistake

Check Point Research (CPR) has uncovered Styx Stealer, a new malware capable of stealing browser data, cryptocurrency, and instant messenger sessions. Styx Stealer is a variant of Phemedrone Stealer and includes new features like auto-start and crypto-clipping. The malware was traced back to a developer linked to the Agent Tesla threat actor “Fucosreal.” During debugging, […]

Crypto Trading Volumes Double After Lifting of Ban in Bolivia

Styx Stealer malware exploits Windows vulnerability to ‘clip’ crypto

Styx Stealer steals data and can reroute crypto transactions coming from an infected computer to the bad actor’s wallet.

New malware called Styx Stealer has been uncovered by cybersecurity solutions provider Check Point Research. The newly discovered malware can steal a vast array of material, including cryptocurrency, through a mechanism known as clipping. It is freely available on a rental basis on the developer’s website.

Windows users with an up-to-date operating system are safe from the malware, since Styx Stealer depends on a vulnerability in Microsoft Windows Defender that was patched last year.

Styx Stealer was discovered because the developer experienced a data leak during debugging. It is derived from an older malware called Phemedrone Stealer. It maintains the functions of Phemedrone Stealer, such as stealing saved passwords, cookies, auto-fill data, cryptocurrency wallet data and instant messenger sessions, while incorporating new detection evasion techniques and adding a crypto clipper function.


Dingo crypto token flagged as scam over 99% transaction fee backdoor

Cybersecurity firm Check Point said it discovered a smart contract function called "setTaxFeePercent" which can reportedly change the contract's buy and sell fees.

The research arm of cybersecurity software firm Check Point has flagged the Dingo Token (DINGO) as a “potential scam” after reportedly discovering a smart contract function that has been used to manipulate transaction fees.

In a Feb. 3 blog post, Check Point Research (CPR) said it looked into the code behind the Dingo Smart Contract, discovering a backdoor function "setTaxFeePercent," which can change the contract's buy and sell fee up to 99%.

This is despite the project’s whitepaper stating that there is only a 10% fee per transaction.

An example of the smart contract function being used to manipulate transaction fees. Source: Check Point Research

According to CPR, this essentially allows the project’s owner to withdraw up to 99% of the transaction amount whenever a user buys or sells the token.

In one case, the cybersecurity software firm observed a user who spent $26.89 to purchase 427 million Dingo Tokens but instead received 4.27 million, or $0.27 worth of Dingo Tokens.

An example of a user only receiving 1% of the transaction's value. Source: Check Point Research

The firm said it decided to investigate the Dingo Token project after seeing the token rise 8,400% this year, and found at least 47 instances of the function being used to allegedly scam token investors.

"We all know that 2022 was a hard year in the crypto market. However, when we saw a token rise by 8,400% this year, we had to investigate the project and understand what was unique about it. We examined the Dingo Smart Contract and quickly found it seemed like a scam,” it wrote.

Check Point Research (CPR) has found at least 47 instances of the smart contract function being used. Source: Check Point Research

The firm also pointed to the Dingo Tokens website, noting that it has "no real information about the owners of the projects," other than a four-page whitepaper.

"If you've incorporated crypto into your investment portfolio or are interested in investing in crypto in the future, you should make sure to only use known exchanges and buy from a known token with several transactions behind it," wrote the research firm.

As of writing, Dingo Token is ranked 298 on CoinMarketCap with a live market cap of $82,555,168.


Cointelegraph reached out to the creators of Dingo Token for a response to the allegations but has yet to receive a reply before publication.

Users of Twitter and CoinMarketCap have also recently reported issues with the Dingo Token. Crypto trader IncredibleJoker said they could not sell their holdings in a Feb. 5 post.

A Dingo Token moderator responded to the user's Twitter post, asking the user to message them privately, but no further updates have been made public.

On CoinMarketCap, user mraff1579 appeared to reference the backdoor function raised by CPR.

"Wow, don't listen to 'send to new wallet'; they took 30 billion coins and only received 300 mil because of fraudulent tax, wow, pieces of shit. I was going to send to deployed for coin but got screwed, pretty sure anything you do will result in loss of 99%," the post said.

Researchers find security flaw in Rarible: Users could have lost all their NFTs

“A successful attack would have come from a malicious NFT within Rarible's marketplace itself, where users are less suspicious and familiar with submitting transactions,” noted Check Point Research.

The research arm of cybersecurity software firm Check Point said it identified a vulnerability in the Rarible NFT marketplace that could have seen many of its roughly two million active monthly users lose their NFTs in a single transaction.

Check Point is a multinational IT security firm founded in Ramat Gan, Israel, in 1993. It also said it had spotted issues relating to malicious airdrops on OpenSea back in October 2021.

According to documents shared with Cointelegraph, Check Point Research (CPR) recently discovered that malicious actors could send users a dubious link to an NFT that executes JavaScript code after clicking that “attempts to send a setApprovalForAll request to the victim.”

If the link is clicked, the user grants full access to their wallets on Rarible. CPR stated that it immediately notified Rarible on April 5, with the platform promptly acknowledging and fixing the security flaw:

“If exploited, the vulnerability would have enabled a threat actor to steal a user's NFTs and cryptocurrency wallets in a single transaction. A successful attack would have come from a malicious NFT within Rarible's marketplace itself, where users are less suspicious and familiar with submitting transactions.”
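As an added defender-side example that is not part of the article or of Check Point's research, the check below decodes the calldata of a wallet transaction request and flags a setApprovalForAll grant to an operator the user does not recognise, which is the request the malicious NFT attempted to send. The selector constant, the sample calldata and the allow-list addresses are constructed or hypothetical.

```javascript
// Added example: decode a pending transaction request and flag an ERC-721/ERC-1155
// setApprovalForAll that would hand an operator control over every token in the wallet.
// Assumption: the 4-byte selector is the first 4 bytes of keccak256("setApprovalForAll(address,bool)").
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Returns { operator, approved } for a setApprovalForAll call, or null for any other function.
function decodeSetApprovalForAll(calldataHex) {
  const data = calldataHex.replace(/^0x/i, "").toLowerCase();
  if (!/^[0-9a-f]*$/.test(data)) throw new Error("calldata is not hex");
  if (data.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return null;
  // ABI encoding: two 32-byte words follow the selector (address, bool).
  if (data.length !== 8 + 64 * 2) throw new Error("unexpected calldata length");
  const operatorWord = data.slice(8, 72);
  const approvedWord = data.slice(72, 136);
  // An address is left-padded with 12 zero bytes; a bool is 31 zero bytes plus 0x00/0x01.
  if (!/^0{24}[0-9a-f]{40}$/.test(operatorWord)) throw new Error("malformed operator word");
  if (!/^0{63}[01]$/.test(approvedWord)) throw new Error("malformed bool word");
  return { operator: "0x" + operatorWord.slice(24), approved: approvedWord.endsWith("1") };
}

// Risk triage before signing: a blanket approval to an operator that is not one of the
// marketplace contracts the user intends to use deserves a hard stop.
// `trustedOperators` is a caller-supplied allow-list (hypothetical addresses in the sample).
function assessRequest(calldataHex, trustedOperators) {
  const decoded = decodeSetApprovalForAll(calldataHex);
  if (decoded === null) return { risk: "none", reason: "not a setApprovalForAll call" };
  if (!decoded.approved) return { risk: "none", reason: "revokes approval for " + decoded.operator };
  const trusted = trustedOperators.map((a) => a.toLowerCase()).includes(decoded.operator);
  return trusted
    ? { risk: "low", reason: "grants approval to known operator " + decoded.operator }
    : { risk: "high", reason: "grants operator " + decoded.operator + " control over ALL tokens" };
}

// Constructed sample: calldata for setApprovalForAll(0x1111...1111, true).
const SAMPLE_CALLDATA =
  "0x" + SET_APPROVAL_FOR_ALL +
  "000000000000000000000000" + "1".repeat(40) +
  "0".repeat(63) + "1";

console.log(assessRequest(SAMPLE_CALLDATA, []));
```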

NFT Theft

Speaking with Cointelegraph, Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software said his team became interested in this type of scam after Taiwanese singer Jay Chou fell victim to a similar attack. Chou’s BoredApe #3738 NFT was swiped via a nefarious transaction at the start of this month.

“Once we saw that this NFT was stolen, it gave us the incentive to investigate further.” Such a vulnerability could also be possible on many other platforms, Vanunu said.

“Rarible acknowledged the security flaw quickly and fixed it by removing the SVG file upload option. This terminated the malicious NFT attack option,” Vanunu confirmed.


Vanunu declined to estimate the potential losses the security flaw could have caused, as it could have been “triggered on any user on the platform.” Notably, a similar attack on just a single wallet belonging to DeFiance Capital founder Arthur0x last month resulted in the loss of roughly 600 Ether ($1.86 million).

CPR urged users to be diligent any time they approve any requests on NFT platforms and verify all of them via Etherscan’s request tracker in times of uncertainty.

Cointelegraph has reached out to Rarible for comment on the matter, and will update the story if the company responds.


Opioid Premiums, Jobseekers and Vaccines: Covid-19 Fuels Darknet Markets in a Different Way

The impact of the Covid-19 pandemic has found its way onto the deep web and during the last few months, researchers have found a great number of individuals turning to darknet markets (DNMs) for employment. The organization Check Point Research has recorded a rising trend of people looking for jobs on hacking forums and DNMs. […]