2022-04-19

MetaStealer Malware

Industry: N/A | Level: Tactical | Source: ISC.SANS

A new information-stealing malware, META, has been gaining popularity among cybercriminals. Research from SANS and BleepingComputer reports that the malware has been distributed through malspam campaigns. Sample submissions to VirusTotal have been rising: since March 30th, 2022, at least 16 samples have been submitted. Web traffic for the malware shows it using GitHub and a transfer[.]sh URL to host malicious binaries. After the initial infection, the reboot for persistence utilized only transfer[.]sh. The malware's listing on underground forums describes it as "an improved version of RedLine." Information targeted by the malware for theft includes credentials from browsers and cryptocurrency wallets.

  • Anvilogic Scenario: MetaStealer - Malspam Infection Chain
  • Anvilogic Use Cases:
      • Suspicious Email Attachment
      • Malicious Document Execution
      • Wscript/Cscript Execution
      • Git Repository Accessed
      • Executable File Written to Disk
      • New AutoRun Registry Key
      • Add DLL/EXE Registry Value
      • Suspicious File written to Disk
      • Command and Control Beaconing via WEB
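
The scenario above can be read as a per-host sequence check. The following is an added example, not Anvilogic's detection content or code from the cited research: it chains four of the listed use cases in list order over constructed endpoint events. The event schema, the 30-minute window, and the Run/RunOnce key match are assumptions.

```python
from datetime import datetime, timedelta

HOSTING = ("github.com", "transfer.sh")  # hosting services named in the brief
WINDOW = timedelta(minutes=30)           # assumed correlation window

def on_domain(host, domains=HOSTING):
    """True if host is one of the domains or a subdomain (not a lookalike suffix)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

# Stage order follows the brief's use-case list; event field names are assumed.
STAGES = [
    ("Wscript/Cscript Execution", lambda e: e["kind"] == "process"
        and e["image"].lower().rsplit("\\", 1)[-1] in ("wscript.exe", "cscript.exe")),
    ("Git Repository Accessed (or transfer.sh)", lambda e: e["kind"] == "dns"
        and on_domain(e["query"])),
    ("Executable File Written to Disk", lambda e: e["kind"] == "file_write"
        and e["path"].lower().endswith((".exe", ".dll"))),
    ("New AutoRun Registry Key", lambda e: e["kind"] == "reg_set"
        and "\\currentversion\\run" in e["key"].lower()),  # Run/RunOnce, assumed
]

def find_chains(events):
    """Return {host: [(stage, ts), ...]} for hosts hitting all stages in order within WINDOW."""
    progress = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        chain = progress.setdefault(e["host"], [])
        if len(chain) == len(STAGES):
            continue                      # chain already complete for this host
        if chain and e["ts"] - chain[0][1] > WINDOW:
            chain.clear()                 # partial chain went stale; start over
        name, match = STAGES[len(chain)]
        if match(e):
            chain.append((name, e["ts"]))
    return {h: c for h, c in progress.items() if len(c) == len(STAGES)}

# Constructed sample telemetry (not data from the brief).
T0 = datetime(2022, 4, 19, 9, 0)
def ev(host, minute, kind, **fields):
    return {"host": host, "ts": T0 + timedelta(minutes=minute), "kind": kind, **fields}

SAMPLE = [
    ev("ws-01", 0, "process", image=r"C:\Windows\System32\wscript.exe"),
    ev("ws-01", 1, "dns", query="github.com"),
    ev("ws-01", 2, "file_write", path=r"C:\Users\a\AppData\Local\Temp\x.exe"),
    ev("ws-01", 3, "reg_set", key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\x"),
    ev("ws-02", 0, "dns", query="github.com"),   # GitHub access alone: no chain
    ev("ws-02", 5, "file_write", path=r"C:\tools\build.exe"),
]
print(sorted(find_chains(SAMPLE)))
```

Requiring the stages in order on one host is what keeps ordinary GitHub access (ws-02 in the sample) from alerting on its own.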