Meduza Stealer: Another data thief

Meduza Stealer is a hard-to-detect piece of malware that targets the data in your internet browser. Learn more about it here.

21-07-2023 - 6 minute read. Posted in: hacking.

The cyber world keeps bringing new and innovative ways to combat cyber attacks. But it also means that hackers and cybercriminals keep developing new hacking methods and new ways to steal data and compromise our software and hardware.

A clever cyber thief

In the early summer of 2023, a new piece of malware emerged that, at the time of writing, stands out more than many others in the cyber world: the Meduza Stealer.

The Meduza Stealer takes its name from its creator, the anonymous actor 'Meduza', who has designed malware that specifically targets Windows users and, by extension, the companies that run that operating system.

The purpose of Meduza Stealer is to steal data rather than to install further malware on the device. Meduza Stealer collects data such as:

  • Online activities
  • Banking information
  • Internet history
  • Browser bookmarks

In addition to these, password managers, two-factor authentication apps and cryptocurrency tools are also at risk of being targeted by the Meduza Stealer.

If the data theft goes undetected, it can have financial consequences as well as result in data breaches, both of which are critical for businesses.

Meduza stands out

At first, Meduza Stealer was characterized as a type of ransomware attack, but it differs from that kind of hacking. It is a fast-evolving piece of malware that can incorporate other types of hacking and malware, and this makes it more dangerous than regular ransomware.

Another thing that makes the Meduza Stealer notable is that there are some countries in which the stealer will not run at all. At the same time, the hacker using the Meduza Stealer can abort an attack if they see that their server cannot connect to the victim's machine. In that case, there is no way to detect or see that a cyber attack was ever attempted.

So Meduza Stealer uses the geographical location to decide whether or not a cyber attack should take place. It should be noted, however, that the geographic location is determined by the user's settings, not by the physical location of the device. If, for example, you have set your device to be in France but you are actually in Germany, the Meduza Stealer will think you are in France.

There are 10 countries in which Meduza Stealer chooses to stop any cyber attack attempt:

  • Russia
  • Kazakhstan
  • Belarus
  • Georgia
  • Turkmenistan
  • Uzbekistan
  • Armenia
  • Kyrgyzstan
  • Moldova
  • Tajikistan

It is not yet known why these 10 countries are exempt from Meduza Stealer attacks.

It's all about connections

If the device's location is in one of the 10 countries, the attack is stopped and nothing further happens. If the location is outside the 10 countries, the attack continues as planned.

A connection is established between the victim's machine and the hacker's server, and as soon as the connection is in place, the Meduza Stealer can start stealing data and information from the victim.

Some of that information can be:

  • The name of the computer
  • Information about the hardware
  • Information about the operating system
  • Time zones
  • User names
  • Public IP addresses

In addition, the malware takes a screenshot of the victim's screen before it continues with the infection.

Meduza Stealer targets user information, which is typically sensitive personal data. As mentioned, it retrieves information from the browser: browser history, cookies and login credentials. Once hackers have this information, they can monetize it and do a lot of damage to the victim.

Further damage

In addition to targeting the browser, Meduza Stealer can also steal information from password managers and two-factor authentication apps.

So far, there are about 19 different password managers that Meduza Stealer has been able to crack and steal information from, including 1Password, LastPass and Authy. Meduza Stealer targets the tools and functions in password managers and two-factor authentication apps that hold important information about the user.

If a hacker can exploit a weakness in two-factor authentication or in a password manager, they can, in the worst case, get past the extra layers of security we rely on for our platforms and software.

In addition to these, Meduza Stealer has cryptocurrency wallets in its sights. The malware targets them to gain access to the cryptocurrency and simply steal it. Cryptocurrency is attractive to hackers and cybercriminals because, among other things, it is untraceable across borders. It is a highly anonymous currency and payment method for cybercriminals.

Difficult to intercept

One of the dangers of Meduza Stealer is that it is very difficult for our antivirus programs to detect. This is because the hackers have developed new methods and code that make the malware almost invisible to regular antivirus programs.

In addition to being difficult to detect on our devices, Meduza Stealer is sold as Malware-as-a-Service, modelled on Software-as-a-Service. Hackers can subscribe to the malware, which makes Meduza Stealer popular among cybercriminals.

Hackers who subscribe to the malware service can log in and download the stolen data and use it as they wish. Furthermore, subscribers can delete data they have already downloaded so that no other hackers can get their hands on it.

The proactive way is the way forward

It may seem like a type of attack that can't be fought, but we can do our best to prove otherwise!

First and foremost, all hacking exploits weaknesses in systems and software. Therefore, keep your devices and software up to date and install available updates. This way you patch the holes in the software, and in this case especially in the browser.

In addition to updates, you can enable multi-factor authentication for your browser accounts and the various sites you use. With multi-factor authentication, you make it harder for the hacker to get through, even as they become more skilled at developing malware. Multi-factor authentication often relies on factors that are very difficult for a hacker to obtain, such as biometric data or one-time passwords.

You can also implement attack surface management, which gives you an overview of the possible attack surfaces in a company. Once you have that overview, you can scan and review these surfaces continuously to discover any weaknesses or vulnerabilities in the software.

Author: Caroline Preisler

Caroline is a copywriter here at Moxso alongside her studies. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding, and these elements are incorporated into the copywriting work she does here at Moxso.
