Meduza Stealer Targets Windows Users With Advanced Tactics


A new information stealer called “The Meduza Stealer” has been observed targeting Windows users with advanced data theft tactics.

The Uptycs Threat Research team discovered the new threat while monitoring dark web forums and Telegram channels. They described its capabilities in an advisory published on Friday.

“Crafted by an enigmatic actor known as ‘Meduza,’ this malware has been specifically designed to target Windows users and organizations, currently sparing only ten specific countries from its reach,” reads the technical post.

The primary objective of the Meduza Stealer is to steal data, particularly from browsers. This includes login credentials, browsing history and bookmarks, as well as data held by targeted browser extensions such as cryptocurrency wallets, password managers and two-factor authentication (2FA) extensions.

In addition to its primary functions, the Meduza Stealer can also collect various system-related information from infected devices.

This includes system build, computer name, CPU specifications, execution path, geographical location, GPU information, hardware ID details, public IP address, operating system details, RAM specifications, screen resolution, screenshots, timestamp, time zone and usernames.


Uptycs said it communicated with the administrator of the malware’s infrastructure, who said the operation does not involve ransom activity and is focused solely on data theft.

Conversations with the malware administrator indicate that the tool is under active development and that new features are being added.

“Currently, Meduza can avoid detection in certain countries and prevent execution if the attacker’s server is unreachable, making it an extremely stealthy cybersecurity threat,” reads the technical write-up.

The marketing and distribution of the Meduza Stealer are conducted mainly through dark web forums and Telegram channels, where the malware is promoted and made available to prospective cyber-criminals.

The administrator behind the malware actively engages with interested parties, highlighting its features and capabilities while also ensuring that its distribution is limited to specific countries.

According to the Uptycs team, if left unchecked, Meduza can lead to severe consequences, such as financial losses and potential large-scale data breaches for affected individuals and organizations.

“While Meduza may be a recent addition to the realm of cybercrime and no specific attacks have been attributed to date, the risks it poses shouldn't be underestimated,” the company wrote.

The Uptycs advisory comes days after FortiGuard Labs shared findings about a separate infostealer called ThirdEye, also targeting Windows users.
