META Infostealer is a New Stealer for Rent
Cybercriminals are always on the lookout for openings in a particular malware niche. One such opening appeared when the developers of the Raccoon Stealer ceased their operations due to the conflict in Ukraine. Because of this, other information stealers such as the Mars Stealer flooded the market. Now a new malware family belonging to this category has been identified: the META Infostealer.
The META Infostealer appears to be used in attacks all over the world, and the threat is being rented out to subscribers at a very low price of just $125 a month. This means that any cybercriminal with some extra money can easily start abusing the META Infostealer on a regular basis.
It seems that most users of the META Infostealer rely on email spam campaigns to reach their potential victims. The criminals use typical decoy documents packed with a malicious script, which is meant to execute the META Infostealer payload. In some cases, the malicious file might arrive as an archive, which users are asked to review.
Once deployed, the META Infostealer does not drop its files under a specific name chosen to conceal the file's malicious intent. Instead, it uses a randomly generated name such as 'qweqweqweqwe.exe'. To gain persistence, the infostealer might create a new Windows Registry key. Last but not least, the META Infostealer is able to modify the Windows Defender service so that it ignores specific executable files, probably with the intent of concealing its malicious code.
Once the implant is active, it can steal information related to browsers, email clients, and various other apps. The criminals may also use a keylogger module, or grab files from the victim's desktop. To ensure that your Windows machine is sufficiently protected against the META Infostealer attack, invest in reputable antivirus software.
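To check a machine for the persistence and Windows Defender changes described above, the following PowerShell audit (an added example, not part of the original article) lists Defender exclusions and shows which of them are also launched from an autorun key. It assumes the "ignore" behaviour appears as Defender path or process exclusions and that persistence uses the standard Run/RunOnce keys; the article names neither.

```powershell
#Requires -RunAsAdministrator
# Added example: cross-references Defender exclusions with autorun entries.
# Assumptions (not stated in the article): exclusions are path/process
# exclusions, and persistence lives in the Run/RunOnce keys.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Every autorun value as (key, value name, command line).
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
    }
}

# Path and process exclusions currently configured in Defender.
$pref = Get-MpPreference
$exclusions = @($pref.ExclusionPath) + @($pref.ExclusionProcess) |
    Where-Object { $_ } | Sort-Object -Unique

$report = foreach ($ex in $exclusions) {
    # Autorun entries whose command line references the excluded path or process.
    $hits = @($autoruns | Where-Object {
        $_.Command.IndexOf($ex, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    $isFile = Test-Path -LiteralPath $ex -PathType Leaf
    [pscustomobject]@{
        Exclusion    = $ex
        IsExecutable = $ex -match '\.exe$'
        UserWritable = $ex -match '\\(Users|ProgramData|Temp)\\'
        Autorun      = ($hits | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
        SHA256       = if ($isFile) { (Get-FileHash -LiteralPath $ex -Algorithm SHA256).Hash } else { $null }
    }
}

# Excluded items that also start at logon sort to the top.
$report | Sort-Object { -not $_.Autorun }, { -not $_.IsExecutable } |
    Format-Table -AutoSize -Wrap
```

An excluded `.exe` in a user-writable folder that also appears in the Autorun column deserves a closer look; the HKCU results reflect only the account running the script.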







