The new Windows-based information stealer, Meduza Stealer, is a fresh addition to a lucrative crimeware-as-a-service (CaaS) landscape that targets crypto wallets and password managers. Based on reports, the malware authors are constantly upgrading the infostealer's capabilities to evade detection by security software.
Moreover, researchers explained that the Meduza Stealer's primary objective is comprehensive data theft. This information-stealing malware can record targeted users' browsing activities and extract browser-related information.
The Meduza Stealer can harvest troves of data from a target, which could result in significant damages.
According to an investigation, the new Meduza Stealer can harvest troves of data, such as login credentials, browsing history, and curated bookmarks. In addition, the malware can also steal data from cryptocurrency wallet extensions, two-factor authentication extensions, and password managers. Hence, no digital artefact is safe from this infostealer.
Meduza also displays a unique operational design that shuns obfuscation tactics despite its similarity to another stealer malware. Researchers also noticed that the stealer terminates its execution on infected targets if a connection to the attacker's server fails.
The malware authors also designed the malware to terminate itself if the victim's location is in the stealer's predefined list of avoided countries: the CIS and Turkmenistan.
The confirmed targets the Meduza Stealer can impact include 76 cryptocurrency wallets, 95 web browsers, 19 password manager applications, Steam, Discord, and system metadata. Furthermore, the malware can harvest miner-related Windows Registry entries and details of several installed games on the compromised device. These details show that the malware operators have a broad financial motive in their attacks.
The stealer's developers offer it on the black market, underground forums, and a dedicated Telegram channel. Potential customers can acquire Meduza for a monthly subscription that costs $199, $399 for three months, or $1,199 for lifetime access. Lastly, the data stolen by the malware is made available through a user-friendly web panel.
This panel allows subscribers to download or remove the stolen data directly from the webpage, giving them exclusive control over the stolen information.
Experts believe the malware could gain improved capabilities soon since it is still in its developmental phase.