Meduza Infostealer Scrapes Logins from Cryptowallets and Browsers
Researchers specializing in cybersecurity have recently identified a newly developed Windows-based information stealer called Meduza Stealer. The creator of this malware is actively working on evading detection by security software solutions.
According to a report by Uptycs, the primary objective of Meduza Stealer is to conduct extensive data theft. It specifically targets users' browsing activities, extracting a wide range of browser-related data.
This information-stealing malware doesn't discriminate when it comes to the data it targets. It goes after critical login credentials, browsing histories, and even bookmarks. It doesn't spare cryptocurrency wallet extensions, password managers, or two-factor authentication (2FA) extensions either.
Despite sharing many features with other information stealers, Meduza Stealer stands out for an operational design that does not rely on obfuscation techniques. Instead, if the connection to the attacker's server fails, it promptly terminates its execution on the compromised device.
Moreover, the malware is programmed to abort its operation if the victim's location is listed as one of the excluded countries, which includes the Commonwealth of Independent States (CIS) and Turkmenistan.
Meduza Stealer Scrapes Data from More than Cryptowallets
In addition to gathering data from numerous password manager apps, crypto wallets, web browsers, Discord, Steam, and system metadata, Meduza Stealer also collects information related to Windows Registry entries associated with cryptocurrency mining. It even compiles a list of installed games, suggesting a broader financial motive.
Meduza Stealer is currently available for sale on underground forums like XSS and Exploit.in, as well as through a dedicated Telegram channel. It is offered as a subscription service, with prices set at $199 per month, $399 for three months, or $1,199 for a lifetime license. The stolen information collected by the malware can be accessed through a user-friendly web panel provided to the subscribers.
What Is Infostealing Malware and Why Is It So Dangerous?
Infostealing malware, also known as information-stealing malware, is a type of malicious software designed to infiltrate and compromise systems in order to gather sensitive and valuable information from the infected devices or networks. This malware specifically targets data such as personal credentials, financial details, login credentials, browsing history, email accounts, and other forms of confidential information.
Infostealing malware is considered highly dangerous due to the significant risks and consequences it poses to individuals, organizations, and even society as a whole. Here are some reasons why it is so dangerous:
Data Theft: Infostealers are specifically designed to steal sensitive data. Once the malware gains access to the targeted system, it silently collects valuable information without the user's knowledge. This stolen data can be used for various malicious purposes, including identity theft, financial fraud, espionage, blackmail, or selling the information on the dark web.
Privacy Invasion: Infostealing malware compromises user privacy by accessing personal and confidential information. This invasion of privacy can have long-lasting effects on individuals, leading to personal and financial damages, loss of trust, and emotional distress.
Financial Loss: Infostealers often target financial information, including credit card details, bank account credentials, and cryptocurrency wallets. With this information, cybercriminals can conduct unauthorized transactions, drain bank accounts, make fraudulent purchases, or steal digital assets, resulting in significant financial loss for individuals and organizations.
Spread of Malware: Infostealing malware is often part of a larger cybercriminal ecosystem. Once installed, it can provide a backdoor for other malware to enter the system, leading to further damage, such as ransomware attacks, botnets, or even turning the infected device into a part of a larger malicious network.
Difficulty in Detection: Infostealing malware is designed to operate stealthily, remaining undetected by security measures such as antivirus software. Its ability to evade detection makes it challenging for users and organizations to identify and remove the malware, allowing it to continue its malicious activities for extended periods.