
Meduza Stealer: A New Malware Targets Sensitive Data of Windows Users


Written by: Shipra Sanganeria, Cybersecurity & Tech Writer

A new Windows-based infostealer named "Meduza Stealer" has been discovered by security researchers from the Uptycs Threat Research team. The malware is under active development, with new features expected to be added, and its advanced data-theft capabilities allow it to avoid detection by the majority of security software.

The primary objective of this malware is to steal data, including browsing history, login credentials, bookmarks, and data held by password managers, two-factor authentication (2FA) extensions, and crypto wallet extensions.

Meduza also uses a variety of Windows APIs to collect system information from the victim’s machine. This includes computer name, CPU details, hardware ID and RAM details, usernames, timezone, operating system details, public IP address, system build, screenshots, and geographical location.

The malware does not use any obfuscation techniques; instead, it relies on a self-terminating capability and immediately aborts its attack on the targeted host if the connection to the attacker's server fails. Its execution is also aborted if the victim's location is in its predefined list of excluded countries, which covers the CIS region (Commonwealth of Independent States) and Turkmenistan.

In addition to stealing a variety of personal and system-related information on Windows devices, the malware also extracts information from 76 crypto wallets, Discord, Steam, 19 password manager apps, and 95 web browsers. The details have been shared by Uptycs in its research article.

Meduza is currently sold and marketed through Telegram channels and dark web forums. Using a subscription-based pricing model (one-month, three-month, and lifetime access plans), the administrator of the malware is trying to attract potential buyers. Moreover, access to the stolen data is offered through a user-friendly web panel, where subscribers can search and manipulate the data as desired.

Following its investigation, Uptycs said that although no data breach incident has yet been associated with this malware, its stealth capability should not be underestimated. "Left unchecked, the consequences for those affected could be severe, including financial losses and the potential for large-scale data breaches that can have far-reaching implications for organizations," noted the company.
