Thursday September 19, 2024

Advisory ID: NCC-CSIRT-140723-026

Summary: The Uptycs threat research team has discovered a new malware called "Meduza Stealer" that targets Windows users. This sophisticated malware aims to steal various types of sensitive data, focusing on Windows browsers and vulnerable extensions like crypto wallets and password managers. Additionally, it can collect system-related information from compromised devices, including hardware specifications, IP address, and usernames. These findings underscore the importance of implementing strong security measures to safeguard against the Meduza Stealer malware and similar threats. 

Vulnerable Platform(s): Windows Operating Systems

Threat Type: Malware

Impact/Probability: CRITICAL/MEDIUM

Product: Google Chrome, Microsoft Edge, Opera, Thunderbird, and other prominent browsers.

Version: All versions

Description: The research team made a significant discovery by identifying the new Meduza Stealer malware. Through monitoring dark web forums and Telegram channels, they observed the malware being promoted and distributed to potential cybercriminals. Unlike typical ransomware, this malware solely focuses on stealing data and continuously evolves with the incorporation of new features. Its primary targets are Windows users and organizations, with the exception of ten specific countries: Russia, Kazakhstan, Belarus, Georgia, Turkmenistan, Uzbekistan, Armenia, Kyrgyzstan, Moldova, and Tajikistan.

Once the malware infiltrates a machine, it initiates its operations. It first checks the geolocation of the victim's machine. If the location is within the list of excluded countries, the malware immediately aborts its activities. Similarly, if the attacker's server is inaccessible, the malware terminates its operations. However, if both conditions are favorable, the malware proceeds to collect extensive data. This data is then packaged, uploaded, and sent to the attacker's server, completing the data theft operation on the infected machine.

Consequences: Meduza Stealer can lead to severe consequences, such as financial losses and potential large-scale data breaches for affected individuals and organizations.

Solution: 

  • Avoid storing your bank login information in web browsers. 
  • Encrypt confidential documents before sending them through compromised web browsers. 
  • Regularly install updates for your operating systems and browsers. 
  • Only install browser extensions from trusted sources. 
  • Employ strong and unique passwords for all your accounts. 
  • Install security applications to patch vulnerabilities that malware can exploit. 
  • Always scan files using security software before opening them. 
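
The advisory recommends installing browser extensions only from trusted sources, since the stealer targets extensions such as crypto wallets and password managers. The script below is an added example (not part of the NCC-CSIRT advisory or the Uptycs research) showing how a defender can audit the extensions installed in a Chromium-family profile against an allowlist and flag those requesting broad permissions. It assumes Chromium's on-disk layout of Extensions/<id>/<version>/manifest.json (the Windows default profile paths for Chrome and Edge are noted in the comments); the allowlisted extension IDs, the sensitive-permission set and the sample manifests are constructed for illustration and are not real identifiers.

```python
"""Audit installed Chromium-family browser extensions against an allowlist.

Added example for this advisory; not code from the advisory or from Uptycs.
Default extension directories on Windows (real paths, expanded by the caller):
  Chrome: %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Extensions
  Edge:   %LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Extensions
"""
import json
import tempfile
from pathlib import Path

# Constructed allowlist of approved extension IDs (hypothetical values, not real IDs).
ALLOWED_EXTENSION_IDS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",  # hypothetical: approved password manager
}

# Permissions (assumed set) that give an extension broad reach over browsing data.
SENSITIVE_PERMISSIONS = {
    "<all_urls>", "webRequest", "cookies", "history", "tabs", "clipboardRead",
}


def read_manifests(extensions_dir):
    """Return (extension_id, version, manifest_or_None) for each installed extension.

    Assumed layout: <extensions_dir>/<id>/<version>/manifest.json.
    A manifest that cannot be parsed is reported as None rather than skipped,
    so a tampered or corrupt extension directory still shows up in the audit.
    """
    found = []
    root = Path(extensions_dir)
    if not root.is_dir():
        return found
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (json.JSONDecodeError, OSError):
                manifest = None
            found.append((ext_dir.name, version_dir.name, manifest))
    return found


def audit_extensions(extensions_dir, allowed=ALLOWED_EXTENSION_IDS):
    """Return one finding dict per extension; an empty 'flags' list means clean."""
    report = []
    for ext_id, version, manifest in read_manifests(extensions_dir):
        flags = []
        if manifest is None:
            name, permissions = "?", set()
            flags.append("unreadable-manifest")
        else:
            name = manifest.get("name", "?")
            # Manifest V2 puts host patterns in "permissions"; V3 uses "host_permissions".
            permissions = set(manifest.get("permissions", [])) | set(
                manifest.get("host_permissions", [])
            )
        if ext_id not in allowed:
            flags.append("not-allowlisted")
        risky = sorted(permissions & SENSITIVE_PERMISSIONS)
        if risky:
            flags.append("sensitive-permissions:" + ",".join(risky))
        report.append({"id": ext_id, "version": version, "name": name, "flags": flags})
    return report


def build_sample_profile():
    """Create a throwaway Extensions directory populated with constructed manifests."""
    base = Path(tempfile.mkdtemp(prefix="ext-audit-"))
    samples = {
        ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "1.2.0"): {
            "name": "Approved Password Manager", "permissions": ["storage"],
        },
        ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "0.0.1"): {
            "name": "Free Coupon Finder",
            "permissions": ["cookies", "webRequest", "tabs"],
            "host_permissions": ["<all_urls>"],
        },
    }
    for (ext_id, version), manifest in samples.items():
        target = base / ext_id / version
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return base


if __name__ == "__main__":
    for finding in audit_extensions(build_sample_profile()):
        status = "OK " if not finding["flags"] else "FLAG"
        print(f"{status} {finding['id']} {finding['version']} {finding['name']}: {finding['flags']}")
```

Pointing audit_extensions at a real profile directory (after expanding the %LOCALAPPDATA% path for the browser in question) lists every extension that is either outside the approved set or holds permissions broad enough to read cookies, traffic or every site's content, which is the review a practitioner would want before trusting an extension that sits beside a wallet or password manager.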

References:

https://www.uptycs.com/blog/what-is-meduza-stealer-and-how-does-it-work#exclusionlist 

https://www.infosecurity-magazine.com/news/meduza-stealer-targets-windows/