In yet another sign of a profitable crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have found a new Windows-based information stealer called Meduza Stealer that is actively being developed by its author to evade detection by software solutions.
"The Meduza Stealer has a singular goal: complete data theft," Uptycs said in a new report. "It pilfers users' browsing activities, extracting a wide array of browser-related data."
"From important login credentials to the valuable record of browsing history and meticulously curated bookmarks, no digital artifact is safe. Even crypto wallet extensions, password managers, and 2FA extensions are vulnerable."
Despite the similarity in features, Meduza boasts of an "artful" operational design that eschews the use of obfuscation techniques and promptly terminates its execution on compromised hosts should a connection to the attacker's server fail.
It is also designed to abort if a victim's location is in the stealer's predefined list of excluded countries, which consists of the Commonwealth of Independent States (CIS) and Turkmenistan.
Meduza Stealer, in addition to gathering data from 19 password manager apps, 76 crypto wallets, 95 web browsers, Discord, Steam, and system metadata, harvests miner-related Windows Registry entries as well as a list of installed games, indicating a broader financial motive.
It is currently being offered for sale on underground forums such as XSS and Exploit.in and on a dedicated Telegram channel as a recurring subscription that costs $199 per month, $399 for three months, or $1,199 for a lifetime license. The information pilfered by the malware is made available through a user-friendly web panel.
"This feature allows subscribers to download or delete the stolen data directly from the web page, granting them an unprecedented level of control over their ill-gotten data," the researchers said.
"This in-depth feature set showcases the sophisticated nature of the Meduza Stealer and the lengths its creators are willing to go to ensure its success."