Meduza Stealer Targets Password Managers and Crypto Wallets

The Uptycs Threat Research team has recently uncovered a formidable malware called Meduza Stealer, which poses a significant threat to Windows users and organizations worldwide.

In a recently published report, Uptycs says, "The Meduza Stealer has a singular objective: comprehensive data theft. It pilfers users' browsing activities, extracting a wide array of browser-related data. From critical login credentials to the valuable record of browsing history and meticulously curated bookmarks, no digital artifact is safe. Even crypto wallet extensions, password managers, and 2FA extensions are vulnerable.”

According to the report, Meduza Stealer has successfully collected data from a significant number of sources. It has targeted 19 password manager apps, 76 crypto wallets, 95 web browsers, as well as platforms like Discord and Steam. In addition, the malware has been able to harvest miner-related Windows Registry entries and compile a list of installed games.

To combat this emerging threat, Uptycs has taken action by incorporating a YARA rule into their products, enabling thorough memory scanning for swift detection and effective mitigation of the Meduza Stealer.

The Meduza Stealer is distinctive due to its operational design, avoiding obfuscation techniques, and utilizing a connection-based approach. This makes it challenging to detect and trace, enhancing its stealthy nature as a cybersecurity threat.

Marketing and distribution tactics play a crucial role in Meduza Stealer's growth. The malware administrator has employed sophisticated strategies to promote this malicious offer. By conducting static and dynamic scans using reputable antivirus software, they have demonstrated its ability to evade detection.

Concerningly, the malware offers a worrisome pricing model and control to subscribers. They can access stolen data and download or delete it directly from a user-friendly web panel.

The widespread marketing and distribution of Meduza Stealer across cybercrime forums and Telegram channels have raised concerns among cybersecurity professionals. Despite efforts to combat the threat, many antivirus software solutions have struggled to effectively detect the malware, making it even more challenging to address this issue.

To protect against Meduza Stealer and similar malware attacks, it is recommended to regularly update operating systems, browsers, and applications and exercise caution when downloading files or opening email attachments. It is also advised to use strong and unique passwords, enable two-factor authentication, install browser extensions only from trusted sources, and closely monitor financial accounts.