A nasty new infostealer malware is landing in email inboxes

It’s trying to steal people’s passwords

Experts have identified a new ongoing campaign which looks to distribute the novel META malware to as many endpoints as possible.

Initially discovered by security researcher and ISC Handler Brad Duncan, META is an infostealer malware, which can harvest passwords and other login data from browsers, as well as from cryptocurrency wallets.

The distribution campaign is nothing out of the ordinary, with threat actors opting for emails and macro-heavy Excel files. The emails are usually a “notification” about fund transfers, with “details” found on the link attached to the email.

Filling the void

The link leads to DocuSign, a well-known digital signature service provider, where users are invited to download the Excel file and urged to “enable content” which, instead, enables malicious macros.

The researcher says the email isn’t particularly convincing, but believes it is still capable of fooling many recipients.

The macro will then download multiple payloads, some being hosted on GitHub, as well. The final payload, once assembled, will be visible on the compromised endpoint under “qwveqwveqw.exe”. It will also have a registry key, for persistence.

Speaking of persistence, META is found to modify Windows Defender via PowerShell, to exclude .exe files from being scanned by antivirus software.
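Defenders can audit an endpoint for this kind of tampering. The PowerShell below is an added example, not code from the researcher or from BleepingComputer: it flags Defender extension exclusions that cover executable file types and lists recent exclusion changes from the Defender event log. It assumes an elevated session on a host with the built-in Defender module; the function name and the list of risky extensions are illustrative choices.

```powershell
# Added example: audit Microsoft Defender for executable-type extension exclusions.
# Assumption: elevated session; Get-MpPreference hides exclusions from non-admins.

# Constructed list of extensions that should not normally be excluded from scanning.
$riskyExtensions = @('exe', 'dll', 'scr', 'bat', 'ps1')

function Get-RiskyDefenderExclusion {
    # Hypothetical helper: returns configured exclusions that match a risky extension.
    param(
        [string[]]$Configured,
        [string[]]$Risky
    )
    foreach ($ext in $Configured) {
        if (-not $ext) { continue }
        # Exclusions may be stored as "exe", ".exe" or "*.exe"; normalise before comparing.
        $norm = ($ext.Trim() -replace '^\*?\.?', '').ToLowerInvariant()
        if ($Risky -contains $norm) { $ext }
    }
}

$prefs = Get-MpPreference
$hits  = @(Get-RiskyDefenderExclusion -Configured $prefs.ExclusionExtension -Risky $riskyExtensions)

if ($hits.Count -gt 0) {
    Write-Warning "Executable extensions excluded from scanning: $($hits -join ', ')"
} else {
    Write-Output 'No executable-type extension exclusions are configured.'
}

# Event ID 5007 in the Defender operational log records configuration changes.
# Keep only the entries that touch the extension exclusion list.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions\\Extensions' } |
    Select-Object TimeCreated, Message
```

An unexpected entry in either output should be removed with `Remove-MpPreference -ExclusionExtension` only after the host has been investigated, since the exclusion is itself evidence of when the change was made.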

According to BleepingComputer, META is one of a couple of new infostealers which are trying to fill the void after Raccoon Stealer left the market. It’s being sold online for a monthly subscription of $125. Those interested in unlimited, lifetime use, will have to shell out $1,000.

META is built upon RedLine Stealer, another hugely popular infostealer.

RedLine Stealer is often used to steal passwords stored in people’s browsers, and is usually sold online for roughly $150 - $200. As email is the most popular distribution method, security experts are warning users to be extra careful when accepting attachments from emails, or clicking on links.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.