Resecurity's HUNTER unit has uncovered a crucial discovery on Christmas Eve. It's not all about opening gifts, but instead seeing the latest version of the password stealer Meduza.
According to cybersecurity researchers, the new update brings version 2.2 which comes with significant upgrades. The experts believe that it can even compete with other password stealers such as Vidar, Azorult, and Racoon Stealer.
These are all notorious for online banking theft, making them a favorite pick among threat actors.
Meduza Stealer's New Version Comes with Several Improvements
Known for its password-stealing mechanism, the Meduza malware comes with another variant that is said to target password storage to steal credentials. The new version is now available on the dark web.
According to Resecurity's blog on Dec. 27, Meduza's version 2.2 introduces several noteworthy enhancements, including extended support for diverse software clients.
The improvements cover browser-based cryptocurrency wallets, an upgraded credit card (CC) grabber, and advanced mechanisms for password storage dumps across various platforms. This evolution positions Meduza as a robust and versatile tool for cybercriminals seeking illicit gains.
Related Article: Yakult Australia Data Breach Sees Employee Files Leaked in Dark Web; DragonForce Blamed For the Attack
Versatility and Platform Support
Originally surfacing in the XSS underground forum, Meduza garnered positive feedback in well-established communities like Exploit.
Presently, it extends its reach to Windows Server editions (2012/2016/2019/2022) and Windows operating systems (10/11). The author has demonstrated its seamless operation across all editions, earning accolades for stability and reliability in the cyber underworld.
Furthermore, Meduza stands out with its capability to extract data from a wide array of popular software applications. The extensive list includes support for 106 browsers, 107 cryptocurrency wallets, various file extensions via the FileGrabber module, messaging apps like Telegram, gaming platforms like Steam and Discord, password managers, VPN solutions like OpenVPN, and even email clients like Outlook.
What Browsers Does Meduza Support?
Based on a report by Security Affairs, the supported browsers span Chromium-based and Gecko-based categories. Notable mentions include Google Chrome, Microsoft Edge, Firefox, and many others. Additionally, the inclusion of Discord and Telegram clients further expands Meduza's scope, showcasing its adaptability to evolving digital landscapes.
The popular stealer is not only limited to browsers. Meduza's prowess extends to cryptocurrency wallets and password managers. It covers a wide range of crypto-extensions, including Metamask, BinanceChain, and Coin98, as well as popular desktop cryptocurrency wallets like Coinomi, Exodus, and Electrum.
The comprehensive support for password managers ensures that Meduza can infiltrate and extract sensitive information from widely used tools like LastPass, Bitwarden, and 1Password.
Meduza's evolution only proves that the perpetual cat-and-mouse game between threat actors and cybersecurity experts will not stop instantly. As organizations adapt their defenses, hackers become smarter to evade any security defenses in a particular system.
Three days after Christmas, the DragonForce ransomware gang attacked the Ohio Lottery, forcing it to shut down temporarily.
In the wake of the cyberattack, the gaming system remained operational. However, the people were warned to refrain from putting any money into the website and mobile app before the problem was resolved.
Read Also: Russian Ransomware Group BlackCat Seized by US: Decryption Tool Distributed to Over 500 Victims
