New META Infostealer Is After Your Passwords and Crypto Wallets



There’s a new information stealer on the rise, and security researchers say that it is currently being distributed in malspam campaigns. In other words, the so-called META infostealer is delivered as an attachment to malicious spam emails. Since the infamous Raccoon infostealer is no longer a player, other infostealers are fighting to take its place.

META Infostealer: What Is Known So Far?


Cybersecurity researchers report that the malicious tool is being offered for $125 a month, or $1,000 for unlimited lifetime use. It is being promoted as an improved version of RedLine, an info-stealing malware family that emerged amidst the Covid-19 pandemic.


The new malspam campaign has been detected by security researcher Brad Duncan, who says that it is being actively used in attacks to steal passwords stored in Chrome, Edge, and Firefox browsers. The META infostealer is also interested in harvesting passwords for cryptocurrency wallets.


Malicious spam usually relies on malicious macros in documents, and this campaign is no exception. The malware uses macro-laced Excel documents sent as email attachments. Even though the current campaign is not exceptionally clever or written in a convincing manner, it can still be effective, as many users tend to miss the red flags and regularly open suspicious attachments.


To appear more convincing, the malicious Excel file uses a DocuSign lure to push the potential victim into enabling content, which is required to run the malicious macro. Once the script is initiated, it downloads various payloads, such as DLLs and executables, from multiple sources. Some of the downloaded files are encoded with base64 or have their bytes reversed. This is done to evade detection by security vendors.
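
A triage check for the obfuscation described above, as an added example that is not from the original article or the researcher's analysis: it tests whether a downloaded blob turns into a Windows PE file (DLL or executable) after base64 decoding, byte reversal, or both. The function names and the sample header stub are constructed for illustration.

```python
import base64
import binascii
import struct

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def _unbase64(data: bytes):
    """Strict base64 decode (whitespace ignored); None if data is not base64."""
    try:
        return base64.b64decode(b"".join(data.split()), validate=True)
    except (binascii.Error, ValueError):
        return None

# The two obfuscations the article names.
TRANSFORMS = {"base64": _unbase64, "reversed": lambda d: d[::-1]}

def find_hidden_pe(blob: bytes, max_layers: int = 2):
    """Return the decoding steps that expose a PE ([] = plain PE), else None."""
    queue = [([], blob)]
    for _ in range(max_layers + 1):
        next_queue = []
        for steps, data in queue:
            if is_pe(data):
                return steps
            for name, fn in TRANSFORMS.items():
                out = fn(data)
                if out is not None:
                    next_queue.append((steps + [name], out))
        queue = next_queue
    return None

def sample_pe() -> bytes:
    """Constructed 96-byte stub: just enough header to satisfy is_pe()."""
    dos_header = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos_header + b"PE\x00\x00" + b"\x00" * 28

if __name__ == "__main__":
    pe = sample_pe()
    for label, blob in [("plain", pe), ("reversed", pe[::-1]),
                        ("base64", base64.b64encode(pe)),
                        ("base64 of reversed", base64.b64encode(pe[::-1]))]:
        print(label, "->", find_hidden_pe(blob))
```

A non-empty result on a file fetched by an Office process means the content was deliberately disguised, which is a stronger signal than the file extension or MIME type alone.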


Th ..
