MetaStealer is an information-stealing malware threat (an infostealer). It is being spread through a malicious email campaign in which the threat actors disseminate thousands of emails carrying a weaponized MS Excel document. Once established on the victim's system, MetaStealer engages its invasive routines and starts extracting sensitive or confidential information.
Infostealers vary in scope and complexity, depending on the goals of the cybercriminals. Most commonly, these malware threats are used in attacks aimed at obtaining users' account credentials and other sensitive data, such as usernames, emails, passwords, credit card numbers, social security numbers, other personally identifiable information, system details and more.
More advanced infostealers can also deploy keylogging routines that capture any keyboard or mouse input, collect or substitute data saved in the system clipboard, intercept two-factor authentication data, and extract crypto-wallet data and other valuable information.
The threat actors can abuse the collected details in a variety of ways, depending on their specific goals. They could infiltrate the victim's social media accounts to further expand their reach, run misinformation campaigns, send malware threats to the user's contacts, etc. If any crypto-wallet accounts are compromised, the hackers could make fraudulent purchases or simply transfer the funds into their own wallets.