Home > Cyber News > New META Infostealer Is After Your Passwords and Crypto Wallets

New META Infostealer Is After Your Passwords and Crypto Wallets

CryptBot Infostealer Distributed by Pirated Software Websites

There’s a new information stealer on the rise, and security researchers say that it is currently being distributed in malspam campaigns. In other words, the so-called META infostealer is delivered via malicious spam in email messages (attachments). Since the infamous Raccoon infostealer is no longer a player, other infostealers are fighting to take its place.

META Infostealer: What Is Known So Far?

Cybersecurity researchers report that the malicious tool is being offered for $125 a month, or $1,000 for unlimited lifetime use. It is being promoted as an improved version of RedLine, an info- stealing malware family that emerged amidst the Covid-19 pandemic.

The new malspam campaign has been detected by security researcher Brad Duncan, who says that it is being actively used in attacks to steal passwords stored in Chrome, Edge, and Firefox browsers. The META infostealer is also interested in harvesting passwords for cryptocurrency wallets.

Since malicious spam usually relies on malicious macros in documents, this one is not an exception as well. The malware uses macro-laced Excel documents sent as email attachments. Even though the current campaign is not exceptionally clever or written in a convincing manner, it still can be efficient, as many users tend to miss the red flags and regularly open suspicious attachments.

To appear more convincing, the malicious Excel file uses a DocuSign lure to push the potential victim into enabling content required to run the malicious macro. Once the script is initiated, it downloads various payloads, such as DDLs and executables, from multiple directions. Some of the downloaded files are encoded with base64 or have their bytes reversed. This is done to evade detection by security vendors.

The final payload uses qwveqwveqw.exe as a name, but researchers note that the name could be randomly generated. A new registry key is also added for persistence. Another capability of META inforstealer is modifying Window Defender using PowerShell to exclude .exe files from scanning. This is also done to protect against detection.

Other Infostealer on the Loose, too

CryptBot is another recent inforstealer ​​distributed with the help of pirated software websites that offer free downloads for cracked games and pro-grade software.

Cryptbot has been described as “a typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system.” Stolen details are bundled into zip-files and uploaded to the command-and-control server.

We advise our readers to be extra vigilant when downloading software from the web, or opening unsuspected email messages. As seen in the above examples, these are popular distribution channels of trojans and infostealers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree