A new malware strain dubbed “Meduza Stealer” has been observed targeting Windows users with advanced data-stealing tactics.
The Uptycs threat research team discovered the new threat while monitoring dark web forums and Telegram channels, and described it in an advisory published Friday.
“This malware, created by a mysterious actor known as ‘Meduza’, was specifically designed to target Windows users and organizations, and currently only 10 specific countries are exempted from its attack range,” the technical post reads.
The main purpose of Meduza Stealer is to steal data, especially from browsers. This includes login credentials, browsing history, bookmarks, and data held by targeted browser extensions such as crypto wallets, password managers, and two-factor authentication (2FA) extensions.
In addition to its main functionality, Meduza Stealer can also collect a range of system-related information from infected devices.
This includes the system build, computer name, CPU specifications, execution path, geographic location, GPU information, hardware ID details, public IP address, operating system details, RAM specifications, screen resolution, screenshots, timestamps, time zone, and username.
Uptycs said it had been in contact with the administrators of the malware’s infrastructure, who said their activities do not include ransom demands and are focused solely on data theft.
Conversations with the malware’s administrators indicate that it is an actively developed tool to which new features can be added.
“Currently, Meduza is able to evade detection in certain countries and prevent execution if the attacker’s servers are not accessible, making it an extremely stealthy cybersecurity threat,” the technical document states.
The marketing and distribution strategy of Meduza Stealer is primarily through dark web forums and Telegram channels, where the malware is promoted and made available to potential cybercriminals.
The administrators behind the malware actively engage with prospective buyers, highlighting its features and functionality while ensuring its distribution is restricted to specific countries.
According to the Uptycs team, leaving Meduza unchecked can have serious consequences for affected individuals and organizations, including financial loss and the possibility of large-scale data breaches.
“Meduza may be a recent addition to the cybercriminal arena, and although no specific attacks have been reported to date, the risks Meduza poses should not be underestimated,” the company wrote.
The Uptycs advisory comes days after FortiGuard Labs shared its findings on another information thief called ThirdEye, which also targets Windows users.