Saturday, June 15, 2024

New Medusa Stealer Attacking Users to Steal Login Credentials

While the world celebrated Christmas, the cybercrime underworld feasted on a different kind of treat: the release of Meduza 2.2, a significantly upgraded password stealer poised to wreak havoc on unsuspecting victims. 

Cybersecurity researchers at Resecurity uncovered the details of New Medusa Stealer malware.

Resecurity is a cybersecurity company specializing in endpoint protection, risk management, and cyber threat intelligence.


Attention! The New Year’s Update
Before the New Year 2024, the Meduza team decided to please customers with an update. Under the
Christmas tree, you can find great gifts such as significant improvements in user interface (panel), modal windows on loading, and expansion of data collection objects

A Feast of Features

Meduza 2.2 boasts a veritable buffet of enhancements, including:

  • Expanded Software Coverage: The stealer now targets over 100 browsers, 100 cryptocurrency wallets, and a slew of other applications like Telegram, Discord, and password managers. This broader reach increases its potential for victimization.
  • Enhanced Credential Extraction: Meduza 2.2 digs deeper, grabbing data from browser local storage dumps, Windows Credential Manager, and Windows Vault, unlocking a treasure trove of sensitive information.
  • Google Token Grabber: This new feature snags Google Account tokens, allowing attackers to manipulate cookies and gain access to compromised accounts.
  • Improved Crypto Focus: Support for new browser-based cryptocurrency wallets like OKX and Enrypt, along with Google Account token extraction, makes Meduza a potent tool for financial fraud.
  • Boosted Evasion: The stealer boasts an optimized crypting stub and improved AV evasion techniques, making it harder to detect and remove.

These advancements position Meduza as a serious competitor to established players like Azorult and Redline Stealer

Its flexible configuration, wide application coverage, and competitive pricing ($199 per month) make it an attractive option for cybercriminals of all skill levels.

A Recipe for Trouble

The consequences of Meduza’s widespread adoption are grim.

  • Account Takeovers (ATOs): Stolen credentials can be used to hijack email accounts, social media profiles, bank accounts, and other online services.
  • Online Banking Theft: Financial data gleaned from infected machines can be used to drain bank accounts and initiate fraudulent transactions.
  • Identity Theft: Sensitive information like names, addresses, and Social Security numbers can be exploited for identity theft and financial fraud.

To combat this growing threat, individuals and organizations must:

  • Practice strong password hygiene: Use unique, complex passwords for all accounts and enable two-factor authentication where available.
  • Beware of phishing scams: Don’t click on suspicious links or download attachments from unknown sources.
  • Keep software up to date: Regularly update operating systems, applications, and security software to patch vulnerabilities.
  • Invest in robust security solutions: Implement comprehensive security solutions that can detect and block malware like Meduza.

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles