Uptycs says that the administrator of the Meduza Stealer has been marketing the new malware by showing that it can effectively evade detection by reputable antivirus software. Screenshots show Bitdefender, AVG, Kaspersky, McAfee, and Malwarebytes all failing to detect the malware in static and dynamic scans of the Meduza Stealer file:
Static antivirus scan report of the Meduza Stealer file. Image source: Uptycs
Here's how the malware actually works once it infiltrates your computer:
The first step it performs is a geolocation check. If the victim's location is in the stealer's predefined list of excluded countries, the malware operation is immediately aborted. However, if the location is not on the list, Meduza Stealer checks whether the attacker's server is active. If the server is not reachable, the stealer likewise promptly terminates its activity. If both conditions (location check and server accessibility) are favorable, the stealer proceeds to gather extensive information. This includes collecting system information, browser data, password manager details, mining-related registry information, and details about installed games. Once this complete set of data is gathered, it is packaged and uploaded, ready to be dispatched to the attacker's server, thereby completing the stealer's operation on the infected machine.
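Because the staged sequence above (geolocation check, then server reachability check, then local collection, then a packaged upload) is what the stealer does at runtime, it is a natural target for behavioural correlation rather than static signatures, which the screenshots show being bypassed. The following is an added example, not code from Uptycs or from the Meduza Stealer write-up: it replays constructed endpoint telemetry and only raises an alert for a process that walks through all four stages in the article's order and uploads to the same host it first checked. The event format, the hostnames (including the assumption that the location check is done by querying an IP-geolocation service), the file and registry markers, and the size threshold are all constructed assumptions.

```python
"""Staged behavioural correlation over constructed endpoint telemetry.

Added example (not from Uptycs or the Meduza Stealer report). It models the
article's execution order as detection stages:
  geo_check -> c2_check -> collect -> exfil
Telemetry format, hosts, paths, registry keys and thresholds are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    ts: int          # monotonic timestamp in seconds (constructed)
    pid: int
    kind: str        # "net", "file", "reg" or "upload"
    detail: str      # destination host, file path or registry key
    size: int = 0    # bytes sent, only meaningful for "upload" events


# Assumption: the stealer learns its location by querying a public IP-geolocation service.
GEO_LOOKUP_HOSTS = {"geo-lookup.example"}
# Hosts the organisation already trusts; connections here never count as a C2 check.
TRUSTED_HOSTS = {"update.example-vendor.example", "cdn.example-site.example", "geo-lookup.example"}
# Browser credential stores and password-manager data (article: "browser data, password manager details").
SENSITIVE_FILE_MARKERS = ("login data", "cookies", "logins.json", "keepass", "bitwarden")
# Article: "mining-related registry information"; marker strings are constructed.
MINING_REG_MARKERS = ("xmrig", "ethash", "miner")
UPLOAD_THRESHOLD = 100_000   # bytes; constructed, a packaged archive is usually larger than this

STAGE_ORDER = ["geo_check", "c2_check", "collect", "exfil"]


def classify(ev: Event) -> Optional[str]:
    """Map a single event onto a stage name, or None if it is uninteresting."""
    d = ev.detail.lower()
    if ev.kind == "net" and ev.detail in GEO_LOOKUP_HOSTS:
        return "geo_check"
    if ev.kind == "net" and ev.detail not in TRUSTED_HOSTS:
        return "c2_check"
    if ev.kind == "file" and any(m in d for m in SENSITIVE_FILE_MARKERS):
        return "collect"
    if ev.kind == "reg" and any(m in d for m in MINING_REG_MARKERS):
        return "collect"
    if ev.kind == "upload" and ev.detail not in TRUSTED_HOSTS and ev.size >= UPLOAD_THRESHOLD:
        return "exfil"
    return None


def correlate(events: List[Event]) -> Dict[int, List[str]]:
    """Return, per pid, the stages it reached in STAGE_ORDER.

    A stage is only credited when the previous stage was already seen for that
    pid, and the upload must go to the host used for the C2 check. A browser
    that reads its own credential store therefore never advances, because it
    did not start with the geolocation lookup.
    """
    progress: Dict[int, List[str]] = defaultdict(list)
    c2_host: Dict[int, str] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        stage = classify(ev)
        if stage is None:
            continue
        reached = progress[ev.pid]
        expected = STAGE_ORDER[len(reached)] if len(reached) < len(STAGE_ORDER) else None
        if stage != expected:
            continue
        if stage == "c2_check":
            c2_host[ev.pid] = ev.detail
        if stage == "exfil" and ev.detail != c2_host.get(ev.pid):
            continue
        reached.append(stage)
    return dict(progress)


def alerts(events: List[Event]) -> List[int]:
    """Pids that completed the whole sequence, i.e. the full stealer pattern."""
    return sorted(pid for pid, stages in correlate(events).items() if stages == STAGE_ORDER)


# Constructed telemetry; 203.0.113.10 is a TEST-NET-3 documentation address, not a real C2.
SAMPLE_EVENTS = [
    # pid 4242: stealer-like sequence as described in the article
    Event(1, 4242, "net", "geo-lookup.example"),
    Event(2, 4242, "net", "203.0.113.10"),
    Event(3, 4242, "file", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(4, 4242, "reg", r"HKCU\Software\xmrig"),
    Event(5, 4242, "upload", "203.0.113.10", size=850_000),
    # pid 1337: a browser reading its own store and syncing to a trusted CDN, no geo lookup first
    Event(1, 1337, "net", "203.0.113.99"),
    Event(2, 1337, "file", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(3, 1337, "upload", "cdn.example-site.example", size=2_000_000),
    # pid 777: the geofence path, the lookup happens and the process then exits
    Event(1, 777, "net", "geo-lookup.example"),
]

if __name__ == "__main__":
    for pid, stages in correlate(SAMPLE_EVENTS).items():
        print(pid, "->", stages)
    print("alerts:", alerts(SAMPLE_EVENTS))
```

The partial results from `correlate` are useful for hunting as well as alerting: a process that performs only the geolocation lookup and then exits (pid 777 above) is exactly what the excluded-country abort looks like from the endpoint, and is worth a look even though it never reaches the alert threshold.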
As noted above, the malware targets several sensitive apps, including browsers and password managers. The list of browsers the Meduza Stealer attacks includes several versions of Chrome, Edge, Firefox, Opera, Brave, and dozens more I've never even heard of.
Other noted targets include the Steam software client, Discord, password managers, two-factor authentication apps, and cryptocurrency wallet extensions.