Cybersecurity researchers have discovered a new information stealer for Windows called Meduza Stealer, which is part of the CAAS industry. The malware is distributed through a subscription-based model and has undergone active modifications by its author to evade detection by security software.
“Meduza Stealer’s main goal is comprehensive data theft. It captures all the actions performed by users on the Internet, extracting a wide range of browser-related data,” according to a new report by uptycs.
The researchers added, “From critical account data to the history of visited pages and saved bookmarks, no type of data is safe. Even cryptocurrency wallets, password managers, and 2FA applications are vulnerable.”
Meduza Stealer sets itself apart from similar infostealers by implementing a “cunning” operational design that avoids the use of coercion methods. In the event of a connection with the attacker’s C2 server, the malicious activity quickly ceases.
The researchers also discovered that Meduza Stealer halts its activities on computers located in CIS countries, raising suspicions about the origin of the malware.
In addition to collecting data from 19 password managers, 76 cryptocurrency wallets, 95 web browsers, Discord, Steam, and system metadata, Meduza Stealer also gathers records from the Windows registry and a list of installed games, indicating the broader financial motives of the cybercriminals.
The malware is currently available for sale on underground forums and the developer’s official Telegram channel. Access to Meduza Stealer is provided through a subscription, with prices starting at $199 per month, $399 for three months, or $1199 for a license. The stolen information is made available to malicious customers through a user-friendly web panel.
To protect against this threat, Windows users should exercise extra vigilance and caution when downloading files from the internet. Employing reliable antivirus solutions and following good cybersecurity practices will further enhance data security and safeguard users’ privacy.