META Malware Steals Crypto and Password Info from Browsers

  • Fraud and Security
malware

First seen in Spring 2022, the META Information Stealer malware is becoming a popular cybercriminal tool. It is designed to steal cryptocurrency assets and passwords commonly stored in web browsers like Chrome, Edge, and Firefox.

In this campaign, criminals employ a standard lure of sending Excel spreadsheet files laced with malware macros as attachments to their targets’ inboxes. The email message usually mentions fund transfers to trick users into downloading and opening the attachment on their devices.

Once opened, the document prompts targets with a DocuSign message meant to deceive them to “enable content.” Then, a malicious VBS macro starts running in the background.

While there is a lot more to how this insidious piece of malware operates and protects itself from removal (see articles on BitDefender or Cyber Intel Mag for detailed information), this is a good time to reiterate some best practices for email security:

  • Be suspicious of attachments. Only open attachments from trusted sources. Ignore common traps like “funds transfer,” “take action immediately,” “critical action required,” etc.
  • Saving passwords in web browsers is convenient, but it does create a risk of compromise via a malware attack. Using a third-party password manager is a better solution.
  • If your system does become infected, seek professional assistance to ensure the malware gets completely removed. Malware is often designed so that it can re-infect your system and/or avoid regular virus scans.
  • Keep up to date on current threats by subscribing to cybersecurity newsletters and resources.

Expect more attacks using META and similar info stealers. They work often enough to deliver financial results to the criminals that use them.

More Resources

  • Fraud and Security

The Growing Threat in Your Inbox

October is Cybersecurity Awareness Month. Business owners are increasingly targeted with various scams. Learn more about keeping your business safe and secure....
  • Fraud and Security

No Tricks! Learn How to Avoid Scammers with #BanksNeverAskThat

October is Cybersecurity Awareness Month, and at GRB, we’re committed to helping our accountholders stay vigilant against fraud. Cybercriminals are constantly evolving their tactics, but...
  • Fraud and Security

Can You Spot a Scam?

Every day, thousands of people fall victim to fraudulent emails, texts and calls from scammers...learn how to protect yourself during Cybersecurity Awareness Month....
View All Resources

Related Posts