Security researchers discovered a new Windows-based data-stealing malware dubbed Meduza Stealer. The new info stealer allegedly has detection-evading features and can collect data about both Windows users and systems. However, it can only evade detection in a certain number of countries.
What Is the Meduza Infostealer Used for?
According to the researchers, Meduza Stealer collects various sensitive data about both users and systems. In addition, the new Meduza Stealer malware is also very easy to use, as its developer intensively markets it on malicious forums.
It’s currently being offered for sale on underground forums such as XSS and Exploit.in and a dedicated Telegram channel as a recurring subscription that costs $199 per month, $399 for three months, or $1,199 for a lifetime license. The information pilfered by the malware is made available through a user-friendly web panel.
User data it steals from browsers:
- login credentials,
- browsing history,
- vulnerable extensions like crypto wallets,
- password managers,
- two-factor authentication (2FA) extensions.
System-related data:
- geographical location and time zone,
- screenshots and usernames,
- system build and computer name,
- CPU specifications,
- execution path,
- hardware ID details,
- public IP address,
- operating system details.
- RAM specifications
How Does the Meduza Infostealer Work?
Once it successfully infects an endpoint, the malware checks its geolocation. It doesn`t move to the next step if the victim is based in Russia, Kazakhstan, Belarus, Georgia, Turkmenistan, Uzbekistan, Tajikistan, Armenia, Kyrgyzstan, or Moldova.
Like any other malware, Meduza Stealer will next try to establish a connection with the command-and-control server. After it becomes active, the info stealer uses various Windows APIs to collect system-related data.
The malware is also able to read the browser history, cookies, login data, web data, etc. Furthermore, Meduza can scan the Telegram Desktop application, access Discord folders, and even try to collect ID details of password manager, and two-factor authentication (2FA) apps. Obtaining 2FA codes and being able to exploit password manager`s vulnerabilities can provide hackers with unauthorized access to the user`s accounts.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.