Dangerous new infostealer targets top password managers

A new Windows infostealer is on the loose, stealing highly sensitive information and featuring clever ways to evade detection by security software.

Known as the Meduza Stealer, its sole purpose is “comprehensive data theft,” according to cybersecurity at Uptycs who discovered the malware, as it scours “users’ browsing activities, extracting a wide array of browser-related data.”

The security firm added that wallet extensions, and 2FA extensions are also . In order to avoid detection, Meduza terminates itself if with the actor’s server fails. 

Self-termination

Interestingly, it also self-terminates if the victim’s system is located in certain countries, such as those within the Commonwealth of Independent States (CIS) and Turkmenistan.

Meduza also gathers data from Windows Registry entries and a list of installed games on the target’s endpoint, indicating its far-reaching information extraction goals. A web panel interface also gives the attacker details on what Meduza has managed to steal, as well as the ability to download or delete said data. 

According to the researchers at Uptycs, “This in-depth set showcases the sophisticated nature of the Meduza Stealer and the lengths its creators are willing to go to ensure its success.”

It is currently for on dark web forums and the encrypted messaging app Telegram, with a monthly subscription costing $199 and a lifetime license $1,199.

Providing malicious tools as a service is fast becoming the norm, allowing criminals to carry out cyberattacks without needing technical knowledge – they merely rent the software used to the damage from others.  

Research by antivirus firm Sophos claims to show that dropper-as-a-service (DaaS) platforms are being used more and more by malware developers, and ransomware-as-a-service (RaaS) are becoming more popular too, again due to their ease of use by cybercriminals.

Source link