Beware! Myth Stealer Malware is Stealing Your Data Through Game Downloads
Cybersecurity experts have discovered a new malware named Myth Stealer. It is written in Rust and is designed to steal personal information. The malware is spreading through fake gaming websites that trick users into downloading it.
According to Trellix researchers, once the malware is opened, it shows a fake window to make users believe it’s a real app. At the same time, it secretly runs harmful code in the background.
Myth Stealer first appeared in December 2024. It was shared for free on Telegram while still in testing. Since then, it has turned into a malware-as-a-service (MaaS). It can steal passwords, cookies, and autofill data from browsers like Google Chrome, Mozilla Firefox, Microsoft Edge, Brave, and Opera.
Myth Stealer Malware Spreads Through Fake Gaming Sites, Targets Chrome and Firefox Users
The group behind the malware also used Telegram channels to sell stolen accounts and show off customer reviews. These channels have now been taken down by Telegram.
Researchers found that the malware is being spread through fake Blogger websites that offer video games. One such page was also used to spread another malware called AgeoStealer earlier this year.
Another way Myth Stealer spreads is through cracked versions of cheat software for online games. One example is a program named DDrace, which was found on a gaming forum.
Once downloaded, the malware shows a setup window to trick the user. In the background, it launches the real malicious software. It runs from a 64-bit DLL file and can stop browser processes before stealing user data. The stolen information is then sent to a remote server or even a Discord webhook.
The malware is built to avoid detection. It uses techniques like string hiding and system checks to stay under the radar. Its creators keep updating it with new features like screen capturing and clipboard hijacking.
Other Malware Threats
Myth Stealer isn’t the only malware using games to infect systems. Recently, another malware named Blitz was found by Palo Alto Networks’ Unit 42. Blitz also spreads through game cheats and cracked software.
Blitz has two parts. First, a downloader is installed. Then it loads a bot, which can log keystrokes, take screenshots, upload and download files, and even launch DDoS attacks. It also installs a cryptocurrency miner called XMRig.
The malware hides itself by checking if it’s in a virtual or test environment. It only continues if the system passes those checks. It also waits until the user logs in again after a reboot.
Interestingly, Blitz uses Hugging Face, a platform normally used for AI tools, to host parts of its malware. Hugging Face has since shut down the malicious account.
As of April 2025, Blitz has infected 289 systems in 26 countries, mainly in Russia, Ukraine, Belarus, and Kazakhstan. The person behind Blitz, using the name sw1zzx, claims to have quit and even shared a removal tool.
Another Threat: DuplexSpy RAT
A third threat is a remote access trojan (RAT) called DuplexSpy, written in C#. It was posted on GitHub as an “educational tool” in April 2025. But it has powerful spying features. These include keylogging, webcam spying, audio recording, and remote commands like shutdown and restart.
DuplexSpy also creates a fake lock screen that looks like a system freeze or ransom notice. This can be used to scare or trick victims.
Crypters and Obfuscation Tools
Another trend in recent attacks is the use of “Crypters and Tools”. This service helps malware to hide from antivirus software. Many threat groups, including TA558, Blind Eagle, and Aggah, use this service. The tools are sold on websites like nitrosoftwares[.]com, which offer crypters, loggers, and crypto wallet stealers.
These attacks are happening in regions like the United States, Eastern Europe, and Latin America.
The best way to avoid such threats is to only download from authentic websites. Moreover, users should not click on any malicious link to keep their data safe.
See Also: Dangerous Malware Found! Delete These Apps From Your Phone ASAP
