Dangerous new malware targets dozens of browsers, password managers, and crypto wallets

If you’re reading this on a Windows system, you need to watch out for dangerous new malware that has been infecting web browsers, password managers, and even cryptocurrency wallets. The Uptycs Threat Research team has named the malware “The Meduza Stealer” after Meduza, the threat actor who created it. Though no specific attacks have been attributed to The Meduza Stealer yet, Uptycs says the malware is capable of “comprehensive data theft.”

Uptycs says that the administrator of The Meduza Stealer has been promoting the new malware by showing that it can successfully evade detection by reputable antivirus software. Screenshots show Bitdefender, AVG, Kaspersky, McAfee, and Malwarebytes all failing to detect the malware in static and dynamic scans of the Meduza stealer file:

Static antivirus scan report of the Meduza stealer file. Image source: Uptycs

Here’s how the malware actually works once it infiltrates your computer, as Uptycs describes it:

The first step it performs is a geolocation check. If the victim’s location is in the stealer’s predefined list of excluded countries, the malware operation is immediately aborted. However, if the location isn’t on the list, Meduza Stealer checks if the attacker’s server is active. In case the server isn’t accessible, the stealer also promptly terminates its activity. If both conditions—location check and server accessibility—are favorable, the stealer proceeds to gather extensive information. This includes collecting system information, browser data, password manager details, mining-related registry information, and details about installed games. Once this comprehensive set of data is gathered, it’s packaged and uploaded, ready to be dispatched to the attacker’s server, thereby completing the stealer’s operation within the infected machine.

As noted above, the malware targets a number of sensitive apps, including browsers and password managers. The two preliminary checks are also worth keeping in mind when a dynamic scan comes back clean: a sample run in a sandbox with no internet access, or on a machine whose IP geolocates to an excluded country, will simply exit before stealing anything. The list of browsers The Meduza Stealer attacks includes multiple versions of Chrome, Edge, Firefox, Opera, Brave, and dozens more I’ve never even heard of.

Other noted targets include the Steam client, Discord, password managers, two-factor authentication apps, and cryptocurrency wallet extensions.
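The collection phase described above, and the long list of browser and wallet targets, have a detectable shape on an endpoint: one process that is not a browser reads the saved-credential stores of several different browsers in quick succession and then opens an outbound connection. The script below is an added example written for this article, not code from Uptycs or from the stealer, showing that detection logic run over constructed Sysmon-style events. The event field names, the process image names, the two-store threshold, and the sample telemetry (pids, paths, addresses) are all assumptions for illustration; the credential-store file names (Chromium browsers’ “Login Data”, Firefox’s logins.json) are real.

```python
"""
Detection sketch for multi-browser credential-store harvesting.
Added example for this article; not Uptycs code and not the stealer's code.
"""
from collections import defaultdict
import re

# Real on-disk credential stores: Chrome, Edge and Brave keep saved logins in a
# SQLite file named "Login Data"; Firefox keeps them in logins.json.  A real
# deployment would extend this map with password-manager and wallet-extension
# storage paths; those entries are omitted here rather than guessed.
CREDENTIAL_STORE_PATTERNS = {
    "chrome":  re.compile(r"\\Google\\Chrome\\User Data\\.*\\Login Data$", re.I),
    "edge":    re.compile(r"\\Microsoft\\Edge\\User Data\\.*\\Login Data$", re.I),
    "brave":   re.compile(r"\\BraveSoftware\\Brave-Browser\\User Data\\.*\\Login Data$", re.I),
    "firefox": re.compile(r"\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$", re.I),
}

# Processes that legitimately open their own credential store (assumed list).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Reading stores of two or more different browsers is the signal (assumed threshold).
MIN_DISTINCT_STORES = 2


def classify_path(path: str):
    """Return the browser whose credential store `path` belongs to, else None."""
    for name, pattern in CREDENTIAL_STORE_PATTERNS.items():
        if pattern.search(path):
            return name
    return None


def find_stealer_candidates(events):
    """
    events: iterable of dicts (assumed schema, not a real log format) with keys
      'pid', 'image', 'type' ('file_read' | 'net_connect'),
      'path' for file_read events, 'dest' for net_connect events.
    Events are assumed to be in chronological order.  A process is reported the
    first time it opens an outbound connection after having read credential
    stores of MIN_DISTINCT_STORES different browsers, unless it is a browser.
    """
    stores_touched = defaultdict(set)   # pid -> {browser names}
    image_of = {}                       # pid -> lower-cased image name
    findings, reported = [], set()
    for ev in events:
        pid = ev["pid"]
        image_of[pid] = ev["image"].lower()
        if ev["type"] == "file_read":
            browser = classify_path(ev["path"])
            if browser:
                stores_touched[pid].add(browser)
        elif ev["type"] == "net_connect":
            if (pid not in reported
                    and image_of[pid] not in BROWSER_IMAGES
                    and len(stores_touched[pid]) >= MIN_DISTINCT_STORES):
                findings.append({
                    "pid": pid,
                    "image": image_of[pid],
                    "stores": sorted(stores_touched[pid]),
                    "dest": ev["dest"],
                })
                reported.add(pid)
    return findings


# Constructed sample telemetry: pids, user name, profile name and addresses are
# invented (TEST-NET ranges), not observed indicators.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": "chrome.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": "chrome.exe", "type": "net_connect", "dest": "198.51.100.7:443"},
    {"pid": 7788, "image": "updater.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7788, "image": "updater.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"},
    {"pid": 7788, "image": "updater.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"},
    {"pid": 7788, "image": "updater.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Temp\bundle.zip"},
    {"pid": 7788, "image": "updater.exe", "type": "net_connect", "dest": "203.0.113.10:80"},
]

if __name__ == "__main__":
    for f in find_stealer_candidates(SAMPLE_EVENTS):
        print(f"pid {f['pid']} ({f['image']}) read {f['stores']} then connected to {f['dest']}")
```

Chrome reading its own “Login Data” and then talking to the network is normal and is not reported; the non-browser process that reads three different browsers’ stores and then connects out is. Keying on the sequence (reads, then connection) rather than on any one file access keeps the rule quiet on backup agents that copy a profile directory but never phone home.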

In order to avoid becoming a victim of The Meduza Stealer malware, Uptycs recommends that you regularly install updates for your computer and any applications, be careful when downloading files, use strong passwords, and avoid suspicious browser extensions.