Meduza Stealer: A New Malware Targets Sensitive Data of Windows Users
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
A new Windows-based infostealer named "Meduza Stealer" has been discovered by security researchers on the Uptycs Threat Research team. An actively developed tool to which new features are likely to be added, the stealthy malware, with its advanced data theft capabilities, can avoid detection by the majority of security software.
The primary objective of this malware is stealing data that includes browsing history, login credentials, bookmarks, password managers, two-factor authentication (2FA) and crypto wallet extensions.
Meduza also uses a variety of Windows APIs to collect system information from the victim’s machine. This includes computer name, CPU details, hardware ID and RAM details, usernames, timezone, operating system details, public IP address, system build, screenshots, and geographical location.
The malware does not use any obfuscation techniques; instead it relies on self-termination: it immediately aborts its attack on the targeted host if the connection to the attacker's server fails. Its execution is also aborted if the victim's location is on its predefined list of excluded countries, which covers the CIS region (Commonwealth of Independent States) and Turkmenistan.
In addition to stealing a variety of personal and system-related information on Windows devices, the malware also extracts information from 76 crypto wallets, Discord, Steam, 19 password manager apps, and 95 web browsers. The details have been shared by Uptycs in its research article.
Following its investigation, Uptycs has said that although no data breach incident can yet be associated with this malware, its stealth capability should not be underestimated. "Left unchecked, the consequences for those affected could be severe, including financial losses and the potential for large-scale data breaches that can have far-reaching implications for organizations," noted the company.
Mexico-Based Threat Actor Targets Global Bank Users With Android Trojan
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
A new security report published by SentinelOne has revealed a Mexico-based eCrime threat actor linked to a series of attacks targeting major banks around the world. With a focus on Spanish and Chilean financial institutions, the campaign spanned nearly two years, from June 2021 to April 2023.
Some of their notable targets include Santander, BBVA, Deutsche Bank, ING, and CaixaBank.
The report, by security researcher Pol Thill, was published by SentinelOne following the first Malware Research Challenge, held in partnership with vx-underground. According to Thill, the threat actor behind the campaign is codenamed Neo_Net and is known to use unsophisticated tools.
The Spanish-speaking threat actors have become quite prominent since their discovery in early 2021. In addition to running cybercrime campaigns, the actor is known to sell victims' data on its Ankarex channel and to advertise its Android malware, the "Ankarex Smishing-as-a-Service platform", to select members.
In the current campaign, using Neo_Net's proprietary service, Ankarex, the threat actors first employ SMS phishing (smishing) to deceive victims into sharing sensitive information and credentials. The carefully crafted messages, which appear to be authentic and important communications from banks, contain hyperlinks to bogus landing pages. These pages let the actors exfiltrate the victims' banking credentials along with their IP addresses and user agents.
Despite using basic hacking tools, the threat actors have achieved remarkable success. Over the said period, they stole more than €350,000 from targeted bank accounts and compromised the personal information of thousands of victims. The stolen information includes phone numbers, names, and national identity numbers.
"The success of their campaigns can be attributed to the highly targeted nature of their operations, often focusing on a single bank, and copying their communications to impersonate bank agents," noted Thill.