Data Stealer
Trojan
Banking
Meduza Stealer is an advanced malware family that steals data from Windows systems. It is presented as a data recovery and network testing tool, but in reality it is far more malicious: Meduza can steal data, launch DDoS attacks, and mine cryptocurrency, making it a threat to both individuals and organizations.
Meduza Stealer harvests personal and financial data. It targets login credentials, browsing history, cookies, cryptocurrency wallets, and data stored by password managers. By accessing these stores, Meduza enables attackers to commit identity theft and financial fraud and to gain unauthorized access to sensitive accounts.
Distribution
Meduza is distributed through phishing, malicious downloads, and exploits. Attackers use phishing emails or compromised websites to trick users into downloading and executing the payload. Once installed, Meduza connects to its command-and-control (C2) server to exfiltrate the stolen data.
Evasion
Meduza uses advanced anti-detection mechanisms to evade antivirus products and sandbox environments, including anti-VM and anti-sandbox checks that hinder analysis and detection. It also encrypts its payload with ChaCha20 and Base64-encodes the result, adding a further layer of obfuscation that makes detection harder.
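As an added example (not the page's or the malware's own code), the following analyst helper reverses the Base64-then-ChaCha20 wrapping described above once a key and nonce have been recovered from a sample. The key, nonce and payload are constructed placeholders, and the ChaCha20 routine is a pure-Python implementation of RFC 7539, so it runs offline with no third-party libraries.

```python
import base64
import struct

MASK = 0xFFFFFFFF

def _rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK

def _quarter_round(s, a, b, c, d):
    # One ChaCha quarter round over state words a, b, c, d (RFC 7539 section 2.1)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block for a 32-byte key, 32-bit counter, 12-byte nonce."""
    assert len(key) == 32 and len(nonce) == 12
    # The constants spell "expand 32-byte k"; they are a handy static marker when triaging a sample
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += struct.unpack("<8I", key) + (counter & MASK,) + struct.unpack("<3I", nonce)
    work = list(state)
    for _ in range(10):  # 20 rounds = 10 column/diagonal double rounds
        for idx in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                    (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(work, *idx)
    return struct.pack("<16I", *[(w + s) & MASK for w, s in zip(work, state)])

def chacha20_xor(key, nonce, data, counter=0):
    """XOR data with the keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 64):
        block = chacha20_block(key, counter + off // 64, nonce)
        out += bytes(x ^ k for x, k in zip(data[off:off + 64], block))
    return bytes(out)

def wrap_payload(plaintext, key, nonce):
    """Mimic the described wrapping: ChaCha20-encrypt, then Base64-encode."""
    return base64.b64encode(chacha20_xor(key, nonce, plaintext)).decode("ascii")

def unwrap_payload(b64_blob, key, nonce):
    """Analyst side: Base64-decode, then ChaCha20-decrypt. Malformed Base64 raises binascii.Error."""
    return chacha20_xor(key, nonce, base64.b64decode(b64_blob, validate=True))

# Constructed sample: placeholder payload with an assumed key and nonce (none are real Meduza values)
SAMPLE_KEY = bytes(range(32))
SAMPLE_NONCE = bytes.fromhex("000000000000004a00000000")
SAMPLE_PAYLOAD = b"placeholder payload bytes recovered for analysis"
SAMPLE_BLOB = wrap_payload(SAMPLE_PAYLOAD, SAMPLE_KEY, SAMPLE_NONCE)
```

With a real sample the key and nonce would come from the unpacker or loader stage, and the recovered bytes would then be handed to the usual PE triage tooling.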
Install EDR tools to monitor network and file system activity.
Keep your OS and software up to date to prevent exploitation of vulnerabilities.
Train your staff on phishing and social engineering to prevent initial infection.
Use advanced email filtering to detect and block malicious attachments and links.