Inside Meduza Stealer’s Web: 19 Password Managers and 76 Crypto Wallets at Risk

Reading Time: ( Word Count: )

July 3, 2023
Nextdoorsec-course

In a clear indication of the thriving crimeware-as-a-service (CaaS) industry, cybersecurity experts have uncovered a novel information stealer for Windows called Meduza Stealer. The author is actively developing the malware to specifically craft it in order to avoid detection by security software solutions.

Uptycs, in their recent report, described Meduza Stealer as a tool with a single purpose: comprehensive data theft. The malware is designed with the intention of extracting information associated with browsers. This includes vital login passwords, comprehensive browsing histories, and carefully selected caches. Furthermore, the stealer’s tactics have uncovered vulnerabilities. These vulnerabilities affect seemingly secure artifacts such as cryptocurrency wallet extensions, password managers, and two-factor authentication (2FA) extensions.

Despite sharing similarities with existing data stealers, Meduza distinguishes itself with a clever operational design that deliberately avoids obfuscation techniques. Furthermore, it terminates its execution on compromised hosts if a connection to the attacker’s server fails.

Also Read: “Microsoft Teams Flaw Paves Way for Cyber Threats: An Urgent Call for Action”

Crypto Wallets at Risk

If a target is found in any designated excluded nations, such as Turkmenistan and the Commonwealth of Independent States (CIS), the malware is also configured to terminate.

Meduza Stealer doesn’t limit itself to common data theft; it also targets specific information related to mining activities. It extracts Windows Registry entries associated with mining operations. Additionally, it compiles a list of installed games, suggesting a broader financial motive. Currently, the individuals behind the malware are advertising it on darknet sites like XSS and Exploit.in, as well as a dedicated Telegram channel. They provide pricing options that include a monthly subscription for $199, a three-month subscription for $399, and a lifetime license priced at $1,199. Additionally, users have access to a convenient online panel that simplifies the process of acquiring stolen data.

According to the studies, “this feature’s accessibility allows users to instantly download or remove the stolen data from the internet page, providing them extraordinary power over their unauthorised content.” 

Meduza Stealer’s extensive range of features highlights the sophisticated nature of this threat. It also reflects the determined efforts made by its creators to ensure its success.

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *