These extensions provide functionality for tasks such as monitoring account balances, conducting cryptocurrency transactions details.” There are 76 cryptocurrency wallets currently targeted by Meduza Stealer.įrom Uptycs Threat Research, “The malware attempts to extract cryptocurrency wallet extensions from web browsers via software plugins or add-ons that enable users to conveniently manage their cryptocurrency assets directly within web browsers like Chrome or Firefox. How Generative AI is a Game Changer for Cloud Security Cryptocurrency wallets Must-read security coverageĨ Best Penetration Testing Tools and Software for 2023Ħ Best Cybersecurity Certifications of 2023 Through gaining access to 2FA codes or exploiting weaknesses in password manager extensions, the attacker might be able to evade security protocols and achieve unauthorized access to user accounts. The malware specifically targets extensions associated with two-factor authentication and password managers with the intention of extracting data these extensions possess significant information and may contain vulnerabilities. LastPass, 1Password and Authy are just three of the password managers listed.įigure C Password managers targeted by Meduza Stealer. Nineteen password managers are targeted by Meduza Stealer based on their Extension ID ( Figure C). Chrome, Firefox and Microsoft Edge are just three of the browsers on the list.įigure B Browser list that’s embedded in the Meduza Stealer malware code. A list of 97 browser variants is embedded in the malware, showing a huge effort not to miss any data from browsers ( Figure B). Meduza Stealer hunts for data in the User Data folder it’s searching for browser-related information such as the browser history, its cookies, login and web data. Image: Uptycs Meduza Stealer’s massive theft capabilities Browsers Then, the malware is ready for its stealing operations ( Figure A).įigure A Meduza Stealer’s workflow. The next step for the malware consists of checking if it can reach the attacker’s server before starting to collect basic information on the infected system, such as computer name, CPU/GPU/RAM/Hardware details, operating system version’s precise build details, time zone and current time, username, public IP address, execution path and screen resolution. The malware stops working if the result indicates one of these 10 countries: Russia, Kazakhstan, Belarus, Georgia, Turkmenistan, Uzbekistan, Armenia, Kyrgyzstan, Moldova and Tajikistan. This function looks for a country value based on the system’s settings and not real geolocation information. Once Meduza Stealer is launched, the malware starts checking for its geolocation by using the Windows GetUserGeoID function. What happens when Meduza Stealer is launched? How to stay safe from this cybersecurity threat.How Meduza Stealer is promoted to cybercriminals.Meduza Stealer’s massive theft capabilities.What happens when Meduza Stealer is launched?.Learn what happens when Medusa Stealer is launched, how the malware is being promoted to cybercriminals and tips on protecting your company from this cybersecurity threat. It’s highly suspected that Meduza Stealer is spread via the usual methods used for information stealers, such as compromised websites spreading the malware and phishing emails. Uptycs research indicates that “no specific attacks have been attributed to date” though, probably because Meduza Stealer is new malware. The malware was developed to target Windows operating systems. New malware dubbed Meduza Stealer can steal information from a large number of browsers, password managers and cryptocurrency wallets, according to a report from cybersecurity company Uptycs. Learn how the Meduza Stealer malware works, what it targets and how to protect your company from this cybersecurity threat. Other names may be trademarks of their respective owners.New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. Alexa and all related logos are trademarks of, Inc. App Store is a service mark of Apple Inc. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Firefox is a trademark of Mozilla Foundation. or its affiliates in the United States and other countries. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. LifeLock identity theft protection is not available in all countries.Ĭopyright © 2023 NortonLifeLock Inc. The Norton and LifeLock Brands are part of NortonLifeLock Inc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |