
In a further sign of a lucrative crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have discovered a new information stealer called Meduza Stealer that is being actively developed by its author to evade detection by security software.
“The Meduza Stealer has the sole purpose of comprehensive data exfiltration,” Uptycs said in a new report. “It steals user browsing activity and extracts a wide range of browser-related data.”
“From important login credentials to valuable records of browsing history and carefully curated bookmarks, no digital artifact is secure. Even crypto wallet extensions, password managers and 2FA extensions are vulnerable.”
Despite overlapping in functionality with other information stealers, Meduza avoids obfuscation techniques and has what the researchers describe as a “clever” operational design: it immediately terminates on a compromised host if the connection to the attacker’s server fails.
The stealer is also designed to abort if the victim’s location is on its predefined list of excluded countries, which comprises the Commonwealth of Independent States (CIS) and Turkmenistan.
Beyond collecting data from 19 password manager apps, 76 cryptocurrency wallets, 95 web browsers, Discord, Steam, and system metadata, Meduza Stealer also harvests miner-related Windows Registry entries and a list of installed games, indicating a broader financial motive.
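The breadth of targets listed above is itself a detection opportunity: a single process that reads browser credential stores, wallet extension storage, Discord, Steam and miner-related registry keys within a short window looks nothing like any legitimate application. The following is an added example, not code from the Uptycs report or from the malware, showing that heuristic run over a constructed set of file- and registry-access events. The log format, the artifact path patterns and the `C:\Users\Public\update.exe` process are assumptions made for illustration, not indicators published for Meduza; tune the patterns to the telemetry you actually collect.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Artifact categories a stealer of this kind reaches for. These path patterns
# are illustrative assumptions for this example, not published indicators.
CATEGORIES = {
    "browser_credentials": [
        r"\\User Data\\[^\\]+\\Login Data$",
        r"\\User Data\\[^\\]+\\Cookies$",
        r"\\Profiles\\[^\\]+\\logins\.json$",
    ],
    "browser_extension_storage": [
        r"\\User Data\\[^\\]+\\Local Extension Settings\\",
    ],
    "password_manager": [r"\\KeePass\\", r"\\1Password\\"],
    "crypto_wallet": [r"\\Exodus\\", r"\\Electrum\\wallets\\"],
    "messaging_gaming": [r"\\discord\\Local Storage\\leveldb\\", r"\\Steam\\config\\"],
    "miner_registry": [r"^HKCU\\Software\\.*[Mm]iner"],
}
COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in CATEGORIES.items()}

# Constructed telemetry in a hypothetical "ts|pid|image|op|target" format.
# pid 3012 is a browser touching its own files, pid 5120 is Discord writing its
# own storage, pid 4120 is an unknown binary sweeping every category at once.
SAMPLE_EVENTS = [
    "2023-07-01T10:00:01|3012|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|read|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "2023-07-01T10:00:02|3012|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|read|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\abcdefgh\\000003.log",
    "2023-07-01T10:00:03|5120|C:\\Users\\alice\\AppData\\Local\\Discord\\app-1.0\\Discord.exe|write|C:\\Users\\alice\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\000005.ldb",
    "2023-07-01T10:05:00|4120|C:\\Users\\Public\\update.exe|read|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "2023-07-01T10:05:01|4120|C:\\Users\\Public\\update.exe|read|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn\\000003.log",
    "2023-07-01T10:05:02|4120|C:\\Users\\Public\\update.exe|read|C:\\Users\\alice\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco",
    "2023-07-01T10:05:03|4120|C:\\Users\\Public\\update.exe|read|C:\\Users\\alice\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\000005.ldb",
    "2023-07-01T10:05:04|4120|C:\\Users\\Public\\update.exe|read|C:\\Program Files (x86)\\Steam\\config\\loginusers.vdf",
    "2023-07-01T10:05:05|4120|C:\\Users\\Public\\update.exe|regread|HKCU\\Software\\XMRig\\Miner",
]


def parse_event(line):
    """Split one constructed event line into (timestamp, pid, image, op, target)."""
    ts, pid, image, op, target = line.rstrip("\n").split("|", 4)
    return datetime.fromisoformat(ts), int(pid), image, op, target


def categorize(target):
    """Return the first artifact category whose pattern matches the path, or None."""
    for cat, pats in COMPILED.items():
        if any(p.search(target) for p in pats):
            return cat
    return None


def find_stealer_like(lines, min_categories=3, window=timedelta(seconds=60)):
    """Return {pid: (image, sorted categories)} for every process that touches
    at least `min_categories` distinct artifact categories inside `window`."""
    touches = defaultdict(list)  # pid -> [(timestamp, category)]
    images = {}
    for line in lines:
        ts, pid, image, _op, target = parse_event(line)
        cat = categorize(target)
        if cat:
            touches[pid].append((ts, cat))
            images[pid] = image

    hits = {}
    for pid, events in touches.items():
        events.sort()
        # Slide the window forward from each event; stop at the first breach.
        for i, (start, _) in enumerate(events):
            cats = {c for t, c in events[i:] if t - start <= window}
            if len(cats) >= min_categories:
                hits[pid] = (images[pid], sorted(cats))
                break
    return hits


if __name__ == "__main__":
    for pid, (image, cats) in find_stealer_like(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({image}) touched {len(cats)} categories: {', '.join(cats)}")
```

With the default threshold only the unknown binary fires; lowering `min_categories` to 2 also flags the browser, which legitimately reads both its credential database and its extension storage, so the threshold is what keeps the false-positive rate down. Note also the caveat implied by the kill switch described above: a sample that cannot reach its server exits before reading any of these paths, so on such hosts this heuristic will see nothing and you are left with the short-lived process and the failed outbound connection as the only trace.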

It is currently sold on underground forums such as XSS and Exploit.in, as well as through a dedicated Telegram channel, as a subscription priced at $199 per month, $399 for three months, or $1,199 for a lifetime license. The information stolen by the malware is made available through an easy-to-use web panel.
“This feature allows subscribers to download and delete stolen data directly from the web page, giving them an unprecedented level of control over their illicitly obtained information,” the researchers said.
“This detailed feature set showcases the sophisticated nature of Meduza Stealer and the effort its creators are willing to put in to ensure its success.”