
The Russian authorities have arrested three people in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware.
The action was announced on Telegram by Irina Volk, a police general and official from the Russian Ministry of Internal Affairs.
“A group of hackers who created the notorious ‘Meduza’ virus have been detained by my colleagues from the Department for Combating Cybercrime (UBK) of the Russian Ministry of Internal Affairs, together with police officers from the Astrakhan region,” stated Volk.
“Preliminary investigation established that about two years ago, the perpetrators developed and began distributing software called ‘Meduza’ via hacker forums,” said the official.
Meduza is an infostealer that steals account credentials, cryptocurrency wallet data, and other information saved in users’ web browsers.
It was distributed to cybercriminals under a malware-as-a-service model, in which access was sold in exchange for a subscription fee.
Meduza was among the more technically advanced information stealers on the dark web market, capable of “reviving” expired Chrome authentication cookies since December 2023 to facilitate account takeovers.
Researcher ‘g0njxa’, who monitors the info-stealer space closely, says the same group of cybercriminals was also behind Aurora Stealer, a malware-as-a-service that gained traction in 2022.
While Russia has a history of overlooking cybercriminal activity within its borders as long as the actors don’t target Russian people or organizations, Volk said that some Meduza operators targeted an institution in Astrakhan, southern Russia, in May and stole confidential data from its servers.
This led the authorities to open a criminal case against the perpetrators under Part 2, Article 273 of the Russian Criminal Code for the “creation, use, and distribution of malicious computer programs.”
The information obtained helped the investigators determine that the three detainees had also developed and were distributing a botnet malware, capable of disabling security protections on the target systems.
Volk concluded the public statement by saying that the authorities are now working to identify all accomplices, so follow-up operations are likely.

