Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Lewis Maddison

Dangerous new infostealer targets top password managers

password manager security

A new Windows infostealer is on the loose, stealing highly sensitive information and featuring clever ways to evade detection by security software.

Known as the Meduza Stealer, its sole purpose is "comprehensive data theft," according to cybersecurity researchers at Uptycs who discovered the malware, as it scours "users' browsing activities, extracting a wide array of browser-related data."

The security firm added that crypto wallet extensions, password managers and 2FA extensions are also vulnerable. In order to avoid detection, Meduza terminates itself if connection with the threat actor's server fails. 

Self-termination

Interestingly, it also self-terminates if the victim's system is located in certain countries, such as those within the Commonwealth of Independent States (CIS) and Turkmenistan.

Meduza also gathers data from Windows Registry entries and a list of installed games on the target's endpoint, indicating its far-reaching information extraction goals. A web panel interface also gives the attacker details on what Meduza has managed to steal, as well as the ability to download or delete said data. 

According to the researchers at Uptycs, "This in-depth feature set showcases the sophisticated nature of the Meduza Stealer and the lengths its creators are willing to go to ensure its success."

It is currently for sale on dark web forums and the encrypted messaging app Telegram, with a monthly subscription costing $199 and a lifetime license $1,199.

Providing malicious tools as a service is fast becoming the norm, allowing criminals to carry out cyberattacks without needing technical knowledge - they merely rent the software used to deal the damage from others.  

Research by antivirus firm Sophos claims to show that dropper-as-a-service (DaaS) platforms are being used more and more by malware developers, and ransomware-as-a-service (RaaS) models are becoming more popular too, again due to their ease of use by cybercriminals.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.