Watch out for “META” Malware
By: Bill Howard - Manager of IT Services
Spring has sprung, April is here, and promises of May flowers are in the air. As the weather begins to change and our lives become filled with the joys of spring, let us keep in mind that all is not a bed of roses. Recently, Cybersecurity researchers have discovered a new malware infection spreading throughout the internet.
“META” is an information stealing malware tool, which can collect passwords and login data from web browsers and cryptocurrency wallets. Yes, this is the same name that Facebook has chosen for their parent company after reorganizing their corporate structure in October of 2021. To clarify, they are not one in the same.
META, the malware, is showing up in e-mail inboxes disguised as a “funds transfer” message. Often the message will send you to DocuSign to download Excel spreadsheets. The Excel files will have embedded macros that carry links to the infection. Those links often link to GitHub to download the full malware payload. Once all the malware tools have been downloaded, the infection goes to work creating anti-virus rules in Windows Defender that will allow it to work unseen.
Important note: You can manually check to see if the malware has been installed on your device. It will show up in a search as “qwveqwveqw.exe” and will also be present in the Windows registry.
HERE’S HOW CYBER CRIMINALS USE THE MALWARE
The META malware, along with its base info-stealing application RedLine Stealer, is being sold to cybercriminals in subscription form on the dark web. Cybercriminals can subscribe to the service for $125/month or $1,000 for a lifetime membership. The goal of the cybercriminal is to gain access to your bank accounts and cryptocurrency wallets.
Email remains the easiest and most efficient form of malware distribution. Protect yourself and your family by being vigilant when checking e-mail.
Important note: If you don’t know the sender or are not expecting an email with an attachment, simply delete the email without opening the attachment or call the sender to verify that they sent you the email.
Keep in mind that the sender’s email may have been taken over by a cyber-criminal and no sender should be blindly trusted as a “safe sender.”
Please stay safe and enjoy your beautiful spring weather.