Dangerous new infostealer targets top password managers

News
By Lewis Maddison
published

The Meduza Stealer is as scary as it sounds

password manager security
(Image credit: Passwork)

A new Windows infostealer is on the loose, stealing highly sensitive information and featuring clever ways to evade detection by security software.

Known as the Meduza Stealer, its sole purpose is "comprehensive data theft," according to cybersecurity researchers at Uptycs who discovered the malware, as it scours "users' browsing activities, extracting a wide array of browser-related data."

The security firm added that crypto wallet extensions, password managers and 2FA extensions are also vulnerable. In order to avoid detection, Meduza terminates itself if connection with the threat actor's server fails. 

Protecting your business from the biggest threats online

Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?) 

View Deal

Self-termination

Interestingly, it also self-terminates if the victim's system is located in certain countries, such as those within the Commonwealth of Independent States (CIS) and Turkmenistan.

Meduza also gathers data from Windows Registry entries and a list of installed games on the target's endpoint, indicating its far-reaching information extraction goals. A web panel interface also gives the attacker details on what Meduza has managed to steal, as well as the ability to download or delete said data. 

read more

> This dangerous new Android malware can steal your passwords and 2FA codes

> A nasty new infostealer malware is landing in email inboxes

> Proton's new password manager has just landed for all users

According to the researchers at Uptycs, "This in-depth feature set showcases the sophisticated nature of the Meduza Stealer and the lengths its creators are willing to go to ensure its success."

It is currently for sale on dark web forums and the encrypted messaging app Telegram, with a monthly subscription costing $199 and a lifetime license $1,199.

Providing malicious tools as a service is fast becoming the norm, allowing criminals to carry out cyberattacks without needing technical knowledge - they merely rent the software used to deal the damage from others.  

Research by antivirus firm Sophos claims to show that dropper-as-a-service (DaaS) platforms are being used more and more by malware developers, and ransomware-as-a-service (RaaS) models are becoming more popular too, again due to their ease of use by cybercriminals.

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.