Meduza stealer is a new information stealer that is being heavily marketed on dark web hacking forums and Telegram channels. The malware, which is being offered for a 1-month, 3-month, or lifetime plan, has comprehensive capabilities and is under active development. The malware targets Windows systems and is capable of stealing a wide range of data, including system information, login credentials, browsing histories, cookies, and bookmarks, and can steal from 2FA extensions, 76 cryptocurrency wallets, and 19 password managers.
The malware has advanced anti-detection capabilities and is able to evade many antivirus solutions. The malware developer has performed tests against the most common antivirus solutions and has shared screenshots demonstrating the low detection rate, even by top-tier antivirus solutions. The malware can be used in attacks in any country other than the Commonwealth of Independent States.
While no attacks have been detected involving the malware, it is considered to pose a significant threat, especially considering the relatively low price of subscriptions, which start at $199 for a month and up to $1,199 for lifetime use. In addition to low detection rates and impressive stealing capabilities, users benefit from an easy-to-use control panel through which they are able to customize binaries and access and download the stolen data
The malware was identified by security researchers at Uptycs while monitoring hacking forums and Telegram channels and takes its name from the moniker of the developer of the malware. While the malware is being aggressively marketed, it is unclear how popular the malware is proving to be within the cybercriminal community or how the malware is being distributed.
To prevent infections, antivirus software, browsers, and applications should be kept up to date with patches applied promptly. Strong passwords should be set and caution should be exercised with emails and web browsing. Uptycs has published an excellent write-up about Meduza stealer and has shared Indicators of Compromise (IoCs) and a YARA rule.