In a clear indication of the thriving crimeware-as-a-service (CaaS) industry, cybersecurity experts have uncovered a novel information stealer for Windows called Meduza Stealer. The author is actively developing the malware, specifically crafting it to evade detection by security software.
Uptycs, in their recent report, described Meduza Stealer as a tool with a single purpose: comprehensive data theft. The malware is designed to extract browser-associated information, including login credentials, browsing histories, and cached data. The stealer also targets artifacts that users tend to regard as secure: cryptocurrency wallet extensions, password managers, and two-factor authentication (2FA) extensions.
Despite sharing similarities with existing data stealers, Meduza distinguishes itself with a clever operational design that deliberately avoids obfuscation techniques. Furthermore, it terminates its execution on compromised hosts if a connection to the attacker’s server fails.
The malware is also configured to terminate if the victim's machine is located in one of its excluded countries, such as Turkmenistan or a member of the Commonwealth of Independent States (CIS).
Meduza Stealer doesn't limit itself to common data theft; it also targets information related to mining activities, extracting Windows Registry entries associated with mining operations. Additionally, it compiles a list of installed games, suggesting a broader financial motive. The individuals behind the malware are currently advertising it on darknet forums such as XSS and Exploit.in, as well as on a dedicated Telegram channel. Their pricing options include a monthly subscription for $199, a three-month subscription for $399, and a lifetime license priced at $1,199. Buyers also get access to an online panel that simplifies retrieving the stolen data.
According to the studies, “this feature’s accessibility allows users to instantly download or remove the stolen data from the internet page, providing them extraordinary power over their unauthorised content.”
Meduza Stealer’s extensive range of features highlights the sophisticated nature of this threat. It also reflects the determined efforts made by its creators to ensure its success.