
Meduza Stealer

Cybersecurity researchers have encountered a new information stealer called the Meduza Stealer, which specifically targets Windows systems. The discovery is another example of the profitable crimeware-as-a-service (CaaS) ecosystem, which lets both technically inexperienced criminals and sophisticated threat actors mount attacks quickly without writing their own tooling.

The primary purpose of the Meduza Stealer is comprehensive data theft from unsuspecting users. Its main focus is browser-related data: by reading the credential, cookie and history stores of installed browsers, the stealer gains unauthorized access to sensitive information and compromises both the privacy and the accounts of the affected user.

Once it has infiltrated the victim's system, the Meduza Stealer quietly collects a wide range of data tied to the user's online activity. This may include browsing history, saved passwords, login credentials, session cookies and other browser-specific information. Because stolen cookies and saved passwords can be replayed to take over accounts directly, the breadth of what the Meduza Stealer collects underscores the seriousness and potential impact of this malware.

The Meduza Stealer can Compromise Popular Browsers, Applications and Over 70 Crypto-Wallets

The Meduza Stealer has an unusual operational design that sets it apart from much other malware: it does not rely on obfuscation. Instead, it terminates its own execution on a compromised host immediately if it cannot establish a connection to the attacker's server. A practical consequence for analysts is that a sample detonated in a sandbox with no outbound connectivity will simply exit, so the C2 connection must be allowed or simulated to observe its full behavior.

The malware also checks the victim's location and aborts if the system is in a predefined list of excluded countries. This list comprises the Commonwealth of Independent States (CIS) and Turkmenistan, a common geofencing pattern among stealers sold on Russian-language forums.

Beyond stealing browser data, the Meduza Stealer shows a wider financial motive and targets an expanded range of valuable assets. Specifically, the malware is programmed to collect data from 19 password manager applications, 76 cryptocurrency wallets and 95 web browsers, from popular platforms such as Discord and Steam, and from system metadata. It also harvests miner-related Windows Registry entries and compiles a list of games installed on the compromised system.

The diversity of these data sources indicates that the Meduza Stealer is built to maximize the operator's return on each infection: credentials, session tokens, wallet files and system inventory can each be monetized separately or sold on. This broader financial reach distinguishes the Meduza Stealer from narrower information stealers and points to deliberate planning behind its development.
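The artifact list above (browser credential stores, wallet directories, Discord token storage, registry-based software inventory, followed by an outbound connection) is also what a defender can look for in endpoint telemetry. The following is an added detection example, not code from the original page or from any analysis of the Meduza Stealer itself: it scores per-process activity from constructed EDR-style events and flags a process that touches credential stores of several browser families plus other stealer-typical artifacts. The event format, the path patterns, the hypothetical process names and the scoring threshold are all assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed EDR-style telemetry (not real captures). One event per line:
# event_type|pid|image|target
STEALER = r"C:\Users\bob\AppData\Local\Temp\update.exe"          # hypothetical dropper
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"  # benign comparison

def ev(kind, pid, image, target):
    return f"{kind}|{pid}|{image}|{target}"

SAMPLE_EVENTS = [
    ev("NET_CONNECT", 4120, STEALER, "203.0.113.10:443"),
    ev("FILE_READ", 4120, STEALER, r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ev("FILE_READ", 4120, STEALER, r"C:\Users\bob\AppData\Local\Microsoft\Edge\User Data\Default\Cookies"),
    ev("FILE_READ", 4120, STEALER, r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default-release\logins.json"),
    ev("FILE_READ", 4120, STEALER, r"C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ev("FILE_READ", 4120, STEALER, r"C:\Users\bob\AppData\Roaming\discord\Local Storage\leveldb\000003.log"),
    ev("REG_QUERY", 4120, STEALER, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    # Benign: Chrome reading its own profile and talking to the network.
    ev("FILE_READ", 2210, CHROME, r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ev("NET_CONNECT", 2210, CHROME, "203.0.113.20:443"),
]

# Browser profile locations; a stealer reads several families, a browser reads only its own.
BROWSER_FAMILIES = {
    "chrome": re.compile(r"\\Google\\Chrome\\User Data\\", re.I),
    "edge": re.compile(r"\\Microsoft\\Edge\\User Data\\", re.I),
    "brave": re.compile(r"\\BraveSoftware\\Brave-Browser\\User Data\\", re.I),
    "firefox": re.compile(r"\\Mozilla\\Firefox\\Profiles\\", re.I),
}
# Chromium and Firefox credential/cookie store file names.
CREDENTIAL_STORE = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite|key4\.db)$", re.I)
# Other stealer-typical artifacts (wallet directories are assumed examples, not an exhaustive list).
ARTIFACT_RULES = {
    "crypto_wallet": re.compile(r"\\(Exodus|Electrum|Atomic)\\", re.I),
    "discord_token": re.compile(r"\\discord\\Local Storage\\leveldb\\", re.I),
    "software_inventory": re.compile(
        r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I),
}
# RFC 1918 and loopback only; documentation ranges in the sample therefore count as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ALERT_THRESHOLD = 4  # assumed tuning value


def parse_event(line):
    kind, pid, image, target = line.split("|", 3)
    return {"type": kind, "pid": int(pid), "image": image, "target": target}


def is_external(endpoint):
    host = endpoint.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname rather than an IP: treat as external
    return not any(addr in net for net in INTERNAL_NETS)


def profile_processes(lines):
    """Aggregate per-PID: browser families whose credential stores were read,
    other artifacts touched, and whether an external connection was made."""
    per_pid = defaultdict(lambda: {"image": None, "browsers": set(),
                                   "artifacts": set(), "external_net": False})
    for line in lines:
        e = parse_event(line)
        p = per_pid[e["pid"]]
        p["image"] = e["image"]
        if e["type"] in ("FILE_READ", "REG_QUERY"):
            if e["type"] == "FILE_READ" and CREDENTIAL_STORE.search(e["target"]):
                for name, pattern in BROWSER_FAMILIES.items():
                    if pattern.search(e["target"]):
                        p["browsers"].add(name)
            for name, pattern in ARTIFACT_RULES.items():
                if pattern.search(e["target"]):
                    p["artifacts"].add(name)
        elif e["type"] == "NET_CONNECT" and is_external(e["target"]):
            p["external_net"] = True
    return per_pid


def score_process(profile):
    score, reasons = 0, []
    if len(profile["browsers"]) >= 2:  # cross-browser credential access is the strongest signal
        score += 2
        reasons.append(f"credential stores of {len(profile['browsers'])} browser families")
    for artifact in sorted(profile["artifacts"]):
        score += 1
        reasons.append(artifact)
    if profile["external_net"]:
        score += 1
        reasons.append("external network connection")
    return score, reasons


def detect_stealer_activity(lines, threshold=ALERT_THRESHOLD):
    """Return {pid: {image, score, reasons}} for processes at or above the threshold."""
    alerts = {}
    for pid, profile in profile_processes(lines).items():
        score, reasons = score_process(profile)
        if score >= threshold:
            alerts[pid] = {"image": profile["image"], "score": score, "reasons": reasons}
    return alerts


if __name__ == "__main__":
    for pid, alert in detect_stealer_activity(SAMPLE_EVENTS).items():
        print(pid, alert["image"], alert["score"], "; ".join(alert["reasons"]))
```

On the constructed sample the dropper (PID 4120) scores 6 and is flagged, while Chrome (PID 2210), which reads only its own profile, scores 1. The cross-browser rule carries most of the weight deliberately: a single browser legitimately reads its own credential store, but very few legitimate processes read Chrome, Edge and Firefox stores in one run. Backup and profile-sync tools are the main false-positive class and should be allow-listed by image path and signer rather than by lowering the threshold.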

The Meduza Stealer is being Offered for Sale on Hacker Forums

Currently, the Meduza Stealer is being actively marketed and sold on underground forums such as XSS, as well as through a dedicated Telegram channel. It is offered as a subscription-based service with several pricing tiers: a monthly fee of $199, a three-month package priced at $399, or a lifetime license for $1,199.

Upon purchasing a Meduza Stealer subscription, buyers gain access to a web panel that serves as the central hub for managing the stolen information. From this panel, subscribers can download the pilfered data or delete it directly in the browser, giving them a degree of control over the collected logs that is unusual among commodity stealers.

These user-centric features in the web panel show how much effort the developers have invested in the Meduza Stealer as a product. By offering a convenient interface and broad control over the stolen data, the operators aim to maximize the utility and value of their illicit service to paying customers.

It is important to note that the sale and distribution of such malicious software on underground platforms pose a significant threat to individuals and organizations. The availability of the Meduza Stealer highlights the need for strong cybersecurity measures, robust defenses, and proactive monitoring to protect against these types of threats.
