New Cyberattack Targets Industrial Automation Sector with Malware

Stone Wolf, a new cybercrime group, is launching phishing attacks to steal sensitive user data by impersonating legitimate companies.

By Marco Rizal - Editor, Journalist


Researchers from BI.ZONE have discovered a new hacking group that tricks victims into downloading the Meduza Stealer malware by sending them fake emails impersonating well-known companies.

This malware can steal personal information such as passwords, system information, and cryptocurrency wallet credentials.

The group sends emails that appear to be from legitimate companies in the industrial automation sector, tricking recipients into downloading malware.

These phishing emails contain malicious attachments that install Meduza Stealer, a powerful malware that steals credentials, system data, and other sensitive information.

Stone Wolf's phishing emails use legitimate company logos and brand designs to appear trustworthy.

This strategy increases the likelihood of recipients opening the email and downloading the malicious attachments.

The primary file used in the attack is called Dostavka_Promautomatic.zip, and it contains both legitimate and malicious files.

When the malicious link in the attachment is clicked, Meduza Stealer is silently installed on the victim's computer.

Once installed, this malware collects a wide range of information, including login credentials, data from web browsers, email clients, and even cryptocurrency wallets.

It also collects system data, including the operating system version, device name, and hardware specifications.
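The infection chain described above starts with an archive that packs decoy files next to the component that installs the stealer. As an added example (not BI.ZONE's or the article's own code), the following mail-gateway style check opens a ZIP attachment, classifies its members by extension, and flags the "documents plus something executable" layout; the sample archive it builds is constructed here, the file type of the real malicious member is not named in the report and is an assumption, and the extension lists are illustrative.

```python
import io
import posixpath
import zipfile

# Types that run code when opened on Windows. Illustrative list; the report
# does not name the malicious member's type (assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".lnk", ".js", ".jse", ".vbs", ".vbe",
                   ".bat", ".cmd", ".ps1", ".hta", ".msi", ".dll", ".com"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt",
                 ".png", ".jpg"}


def _ext(name: str) -> str:
    return posixpath.splitext(posixpath.basename(name))[1].lower()


def inspect_archive(data: bytes) -> dict:
    """Classify ZIP members and flag the decoy-plus-dropper layout."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        # An unreadable archive is quarantined rather than silently passed.
        return {"error": "bad zip", "executables": [], "suspicious": True}
    documents = [n for n in names if _ext(n) in DOCUMENT_EXTS]
    executables = [n for n in names if _ext(n) in EXECUTABLE_EXTS]
    # A document extension in front of the real one (report.pdf.lnk) hides
    # the executable type when Explorer hides known extensions.
    disguised = [n for n in executables
                 if posixpath.splitext(posixpath.splitext(n)[0])[1].lower()
                 in DOCUMENT_EXTS]
    return {"documents": documents, "executables": executables,
            "disguised": disguised, "suspicious": bool(executables)}


def build_sample_archive(with_dropper: bool) -> bytes:
    """Constructed sample attachment with placeholder contents; this is not
    the real Dostavka_Promautomatic.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Dostavka_Promautomatic/price_list.pdf", b"%PDF-1.4 x")
        zf.writestr("Dostavka_Promautomatic/contract.docx", b"PK placeholder")
        if with_dropper:
            zf.writestr("Dostavka_Promautomatic/Dostavka.pdf.lnk", b"stub")
    return buf.getvalue()
```

Run `inspect_archive(build_sample_archive(True))` to see the flagged member; a production filter would also recurse into nested archives and inspect file headers rather than trusting names alone.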


For background, Meduza Stealer first appeared on underground cybercrime forums in June 2023 and is now sold as malware-as-a-service.

The malware subscription prices range from $199 per month to $1,199 for lifetime access.

Meduza Stealer being advertised on Telegram (Credit: BI.ZONE)

Meduza Stealer purchasers receive a builder tool as well as access to a web panel where they can monitor the data stolen from victims' devices.

The malware is extremely effective at stealing data from a variety of applications, including password managers, cryptocurrency wallets, and well-known apps such as Telegram, Discord, and Steam.

In addition to credentials, Meduza Stealer can capture session data and active processes, broadening the scope of data stolen.
