Meduza: Scary name, scarier malware

Use Chrome, Edge, Brave, Sidekick, Opera or Firefox to browse the web? What about Discord, Steam, a password manager or a crypto wallet? 

You’re a prime target for the Meduza Stealer — a type of malware that poses a serious personal and digital security risk. Its primary purpose is to steal valuable data from your computer. We’re talking login credentials, credit card details and cryptocurrency wallet data.

Let’s take a deeper look at how the malicious software works. Consider this your Cybersecurity 102 lesson of the day!

Hunt and gather

Once Meduza Stealer infiltrates a computer, it gets to work gathering information. Step 1: GPS check. Meduza does not steal data from any computer in Russia, Kazakhstan, Belarus, Georgia, Turkmenistan, Uzbekistan, Armenia, Kyrgyzstan, Moldova or Tajikistan.

Not in one of those countries? Great. Now it’s ready to collect details about your computer system, which it then uses to sniff out your valuable data. Passwords, card details and other credentials are fair game. Then all that info goes back to the attacker.

It can steal info from 19 password manager apps, 76 crypto wallets and 95 web browsers, as well as apps Discord and Steam.

Hiding in plain sight

The Meduza Stealer is notoriously hard to spot. A process called obfuscation hides its activities, essentially masking actions so they appear harmless or invisible to your computer’s security software. It also uses encryption to protect your stolen data during transmission back to the attacker. Uh, thanks?

It’s also pretty darn good at tricking standard antivirus software. The stealer changes and adapts once it’s spotted so it can fly under the radar. Free AV isn’t going to cut it.

How to protect yourself

Yeah, it’s tricky, but some vigilance and basic security measures go a long way. 

Continue reading

Safe ways to get free stuff in your neighborhood

If you want to save money while connecting to your community, you have to join a buy nothing group. It’s exactly what it says on the tin: a group of neighbors with their own gift economy. You can join a Facebook group or even a community on NextDoor or other apps. Tap or click here to find out how Nextdoor and other apps help sell your old, used or battered tech.

Continue reading

15 years in prison

For a 21-year-old airman who leaked classified info. Jack Teixeira shared top-secret documents on a Discord server to show his online comrades what war was really like. Now he’ll know what war and prison are like.

Don’t let curiosity about NFTs allow hackers to hijack your computer

This is NFA, but when you see 1:1 generative art that’s freshly minted at the start of a new SZN, you need to DYOR before you move liquidity. Otherwise, you’re NGMI and possibly lose much more than 5ETH and a few NFTs.

Continue reading