죄송합니다. 이 페이지의 콘텐츠는 선택하신 언어로 제공되지 않습니다.

주요 내용으로 건너뛰기
MetaStealer

MetaStealer

Category: Malware

Type: Information-stealing malware

Platform: Windows, macOS

Variants: MetaStealer includes multiple variants that target browser data, cryptocurrency wallets, and cloud storage. It uses keylogging and screenshot capturing techniques.

Damage potential: Steals sensitive personal, financial, and login information, compromises user privacy, and can facilitate further attacks such as identity theft or fraud.

Overview

MetaStealer malware first emerged in March 2022 as an information stealer that targets personal and financial data. Up until today, cybercriminal groups have been using MetaStealer to steal sensitive information, including login credentials, cryptocurrency wallets, and cloud storage data.

Once MetaStealer infects a system, it stealthily collects and exfiltrates sensitive data such as browsing history, login credentials, and financial details to its command and control (C2) servers. MetaStealer is also capable of logging keystrokes and capturing screenshots, which help attackers gather valuable personal information for fraudulent activities.

Authorities link MetaStealer to cybercrime campaigns focused on identity theft, fraud, and other illicit financial activities.

Possible symptoms

MetaStealer can negatively impact system performance because it’s constantly collecting data and communicating with C2 servers. Symptoms of a MetaStealer infection include:

  • Sluggish or unresponsive system performance.
  • Unexpected system crashes or errors.
  • Unusual network activity or bandwidth spikes.
  • Unknown or suspicious processes running in Task Manager.
  • Increased CPU or memory usage.
  • Disabled or malfunctioning security software.
  • Redirection or alteration of web traffic.

Sources of the infection

Cybercriminals may use various methods to infect systems with MetaStealer:

  • Phishing emails. Attackers spread MetaStealer malware through phishing emails with malicious Excel (XLS) documents containing VBA macros. When you open the file and enable macros, the malware executes and infects your device. Some campaigns also use Google Ads to distribute trojanized software downloads.
  • Social engineering via malicious ads. Malicious advertisements (malvertising) on legitimate websites could distribute MetaStealer, and you might unknowingly download it by clicking on these ads.
  • Drive-by downloads. If you visit a compromised or malicious website and interact with its content by clicking links or ads, you might unknowingly download MetaStealer.
  • Embedding MetaStealer into compromised software. Attackers may bundle MetaStealer with software updates, free downloads from untrusted sites, or pirated software. If you install these programs, MetaStealer gains access to your system.
  • Exploiting network vulnerabilities. Cybercriminals may exploit security flaws in outdated systems, unpatched software, or weak network configurations to inject MetaStealer onto a target device.
  • Infecting USBs or removable media. MetaStealer may spread through infected USB drives or other removable media. It automatically installs on your system once you access the device.

Protection

The best way to protect against MetaStealer is to stay informed about information-stealing malware and the tactics attackers use to compromise your data. The most effective measures to protect against MetaStealer include:

  • Using antivirus and anti-malware software. Install and regularly update reliable antivirus software that includes detection for information-stealing malware.
  • Regularly updating systems and software. Keep your operating system, browsers, and all applications up to date to patch vulnerabilities.
  • Using Threat Protection Pro™. Purchase NordVPN with the advanced Threat Protection Pro™ feature, which blocks malicious sites and scans files for malware as you download them. 
  • Filtering email. Use advanced email filtering solutions to block phishing emails and malicious attachments that could deliver MetaStealer.
  • Avoiding suspicious links and attachments. Never click on unfamiliar links or suspicious attachments, especially from unknown senders, because they may contain malware.
  • Improving network security. Set up firewalls, intrusion detection systems, and endpoint protection to detect and block MetaStealer’s attempts to establish command and control connections.
  • Implementing multi-factor authentication (MFA). MFA adds an extra layer of security to your accounts that makes unauthorized access more difficult.
  • Monitoring network traffic. Use network monitoring tools to detect unusual activity that may indicate a malware infection.

Removal of MetaStealer

If you suspect MetaStealer has infected your system, immediately disconnect your device from the internet to cut communication with the malware’s C2 servers. Next, restart your computer in safe mode to limit MetaStealer’s ability to operate undetected.

Run a full system scan with reputable antivirus or anti-malware software to detect and remove MetaStealer. Follow the software’s recommended steps to ensure thorough malware removal. Allow the antivirus program to quarantine or delete any detected threats.

Once you have removed MetaStealer from your system, change all your online account passwords to strong, unique ones to protect your data. If the malware persists or you cannot remove it completely, contact a cybersecurity professional for help.