A nasty new infostealer malware is landing in email inboxes


Security researchers have identified an ongoing campaign that is pushing the recently surfaced META infostealer to as many endpoints as it can reach.

First documented by security researcher and ISC Handler Brad Duncan, META is infostealer malware: it harvests passwords and other saved login data from browsers, as well as from cryptocurrency wallets.

The distribution method is nothing out of the ordinary: the threat actors rely on emails carrying macro-laden Excel files. The emails typically pose as a "notification" about a fund transfer, with the "details" supposedly available through a link in the message.


Filling the void

The link leads to DocuSign, a well-known digital signature service, where the victim is invited to download the Excel file and then urged to click "Enable Content". Doing so does not reveal any transfer details; it simply runs the malicious macros embedded in the spreadsheet.

The researcher says the email isn't particularly convincing, but believes it is still capable of fooling many recipients.

The macro then downloads several payloads, some of them hosted on GitHub. Once assembled, the final payload appears on the compromised endpoint as "qwveqwveqw.exe", and a registry key is created so that it survives reboots.

Alongside that persistence, META also tampers with Windows Defender: it uses PowerShell to add an exclusion so that .exe files are no longer scanned by the antivirus, which keeps the dropped binary out of sight.
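The two post-infection artifacts described above (a Defender exclusion for .exe files and a registry key that relaunches qwveqwveqw.exe) are what a responder would look for first. The script below is an added triage example, not code from the article, from Brad Duncan's write-up or from the malware. It assumes the payload name quoted in the article, that "exclude .exe files" means an extension exclusion of the kind Add-MpPreference creates, and that the persistence key is one of the usual Run/RunOnce keys; the exact commands META runs are not shown on the page. Defender logs every configuration change as event ID 5007, which lets you date the exclusion and line it up with the time the Excel file was opened.

```powershell
# Added example: triage a Windows host for the META indicators named in the article.
# Assumptions (not from the page): extension exclusion "exe", Run/RunOnce persistence,
# and TEMP/APPDATA/LOCALAPPDATA as drop directories.
$payloadName = 'qwveqwveqw.exe'
$findings = @()

# 1. Defender exclusions. A bare "exe" extension exclusion disables scanning of every
#    executable on disk; a path exclusion naming the payload is just as telling.
$pref = Get-MpPreference
foreach ($ext in @($pref.ExclusionExtension)) {
    if ($ext -and ($ext.TrimStart('.') -ieq 'exe')) {
        $findings += "Defender skips .exe files (ExclusionExtension = '$ext')"
    }
}
foreach ($p in @($pref.ExclusionPath)) {
    if ($p -and ($p -match [regex]::Escape($payloadName))) {
        $findings += "Defender path exclusion references the payload: $p"
    }
}

# 2. Event ID 5007 (Defender configuration changed) records when an exclusion was added.
#    Correlate the timestamp with the Excel macro launch on the same host.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
} -MaxEvents 100 -ErrorAction SilentlyContinue
foreach ($e in $events) {
    if ($e.Message -match 'Exclusions\\(Extensions|Paths)') {
        $findings += "[$($e.TimeCreated)] Defender exclusion changed: $(($e.Message -replace '\s+', ' ').Trim())"
    }
}

# 3. Run/RunOnce keys pointing at the payload (the "registry key for persistence").
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $names = ($props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' }).Name
    foreach ($name in $names) {
        $value = [string]$props.$name
        if ($value -match [regex]::Escape($payloadName)) {
            $findings += "Persistence entry ${key}\${name} -> $value"
        }
    }
}

# 4. The dropped binary itself in the common user-writable locations (assumed, see above).
foreach ($dir in @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)) {
    Get-ChildItem -Path $dir -Filter $payloadName -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Payload on disk: $($_.FullName)" }
}

# 5. Initial-access hardening: Office policy that blocks macros in files downloaded from
#    the internet, which would have stopped the "Enable Content" step.
$excelPolicy = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
$blocked = (Get-ItemProperty -Path $excelPolicy -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
if ($blocked -ne 1) {
    $findings += "Excel policy 'blockcontentexecutionfrominternet' is not set to 1; internet-sourced macros can still run"
}

if ($findings.Count -eq 0) {
    Write-Output "No META indicators found for $payloadName."
} else {
    Write-Warning 'Possible META infection or weak configuration:'
    $findings | ForEach-Object { Write-Output " - $_" }
}

# On a confirmed infection, remove the exclusion before rebuilding the host:
#   Remove-MpPreference -ExclusionExtension 'exe'
```

Run it in an elevated PowerShell session; Get-MpPreference and the HKLM keys need administrator rights, and the Defender operational log is the one place the exclusion leaves a timestamp even after the attacker has cleaned up the PowerShell history.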

According to BleepingComputer, META is one of a handful of new infostealers trying to fill the void left when Raccoon Stealer withdrew from the market. It is sold online for a monthly subscription of $125, or $1,000 for unlimited lifetime use.

META is built upon RedLine Stealer, another hugely popular infostealer.

RedLine Stealer is widely used to steal passwords saved in browsers and typically sells for roughly $150 to $200. Because email remains the most common delivery channel for this kind of malware, security experts are warning users to be especially wary of opening email attachments or clicking links, and of any document that insists on "Enable Content" before it will display anything.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
