New Medusa Stealer Attacking Users to Steal Login Credentials

While the world celebrated Christmas, the cybercrime underworld feasted on a different kind of treat: the release of Meduza 2.2, a significantly upgraded password stealer poised to wreak havoc on unsuspecting victims. 

Cybersecurity researchers at Resecurity uncovered the details of New Medusa Stealer malware.

Resecurity is a cybersecurity company specializing in endpoint protection, risk management, and cyber threat intelligence.

Translation:
Attention! The New Year’s Update
Before the New Year 2024, the Meduza team decided to please customers with an update. Under the Christmas tree, you can find great gifts such as significant improvements in user interface (panel), modal windows on loading, and expansion of data collection objects

A Feast of Features

Meduza 2.2 boasts a veritable buffet of enhancements, including:

• Expanded Software Coverage: The stealer now targets over 100 browsers, 100 cryptocurrency wallets, and a slew of other applications like Telegram, Discord, and password managers. This broader reach increases its potential for victimization.
• Enhanced Credential Extraction: Meduza 2.2 digs deeper, grabbing data from browser local storage dumps, Windows Credential Manager, and Windows Vault, unlocking a treasure trove of sensitive information.
• Google Token Grabber: This new feature snags Google Account tokens, allowing attackers to manipulate cookies and gain access to compromised accounts.
• Improved Crypto Focus: Support for new browser-based cryptocurrency wallets like OKX and Enrypt, along with Google Account token extraction, makes Meduza a potent tool for financial fraud.
• Boosted Evasion: The stealer boasts an optimized crypting stub and improved AV evasion techniques, making it harder to detect and remove.

These advancements position Meduza as a serious competitor to established players like Azorult and Redline Stealer. 

Its flexible configuration, wide application coverage, and competitive pricing ($199 per month) make it an attractive option for cybercriminals of all skill levels.

A Recipe for Trouble

The consequences of Meduza’s widespread adoption are grim.

• Account Takeovers (ATOs): Stolen credentials can be used to hijack email accounts, social media profiles, bank accounts, and other online services.
• Online Banking Theft: Financial data gleaned from infected machines can be used to drain bank accounts and initiate fraudulent transactions.
• Identity Theft: Sensitive information like names, addresses, and Social Security numbers can be exploited for identity theft and financial fraud.

To combat this growing threat, individuals and organizations must:

• Practice strong password hygiene: Use unique, complex passwords for all accounts and enable two-factor authentication where available.
• Beware of phishing scams: Don’t click on suspicious links or download attachments from unknown sources.
• Keep software up to date: Regularly update operating systems, applications, and security software to patch vulnerabilities.
• Invest in robust security solutions: Implement comprehensive security solutions that can detect and block malware like Meduza.