April 11, 2022

Attackers are actively using Meta malware, a new info-stealer malware that steals information, in multiple attacks.

The attackers’ main aim is to steal passwords stored in Chrome, Edge, Firefox and cryptocurrency wallets.

Hackers who use the malicious software first send a phishing email to victims. The email contains information about money transfers with a request to an attached document.

Embedded in the attached document are spreadsheet files with DocuSign bait that trick victims into enabling content required to run the malicious VBS macro in the background.

After clicking on “enable content” the malicious script starts downloading various payloads, some of which are structured to bypass security.

Also to bypass Windows Defender, Meta malware modifies it with PowerShell to exclude .exe files from scanning, thereby protecting its malicious files from detection.

The tool is sold for $125 for monthly subscribers or $1,000 for unlimited lifetime and is advertised as an improved version of RedLine.

The sources for this piece include an article in BleepingComputer.