First seen in Spring 2022, the META Information Stealer malware is becoming a popular cybercriminal tool. It is designed to steal cryptocurrency assets and passwords commonly stored in web browsers like Chrome, Edge, and Firefox.
In this campaign, criminals employ a standard lure of sending Excel spreadsheet files laced with malware macros as attachments to their targets’ inboxes. The email message usually mentions fund transfers to trick users into downloading and opening the attachment on their devices.
Once opened, the document prompts targets with a DocuSign message meant to deceive them to “enable content.” Then, a malicious VBS macro starts running in the background.
While there is a lot more to how this insidious piece of malware operates and protects itself from removal (see articles on BitDefender or Cyber Intel Mag for detailed information), this is a good time to reiterate some best practices for email security:
- Be suspicious of attachments. Only open attachments from trusted sources. Ignore common traps like “funds transfer,” “take action immediately,” “critical action required,” etc.
- Saving passwords in web browsers is convenient, but it does create a risk of compromise via a malware attack. Using a third-party password manager is a better solution.
- If your system does become infected, seek professional assistance to ensure the malware gets completely removed. Malware uis often designed so that it can re-infect your system and/or avoid regular virus scans.
- Keep up to date on current threats by subscribing to cybersecurity newsletters and resources.
Expect more attacks using META and similar info stealers. They work often enough to deliver financial results to the criminals that use them.