• Thu. Aug 17th, 2023

Meduza Targeted More Than 70 Cryptocurrency Wallets

Jul 24, 2023
Meduza Targeted 70+ Cryptocurrency Wallets
Marcel Bich
Latest posts by Marcel Bich (see all)

A search for 76 cryptocurrency wallets, including browser extensions, was conducted by the virus program Meduza Stealer. According to cybersecurity experts at the company Uptycs. 

The Technique

Since it doesn’t target victims’ machines if their IP addresses originate from the region of the CIS nations, the malware was most likely built in the Russian Federation or Belarus, according to the blog post that was published. Additionally, the virus’ creators are identified in the “Telegram” in both Russian and an English dub.

The malware is made available to hackers via a subscription service, costing $199 for a month’s work, $399 for three, or $1,199 for a perpetual license. The owner of the virus may screenshot the victim’s desktop, grab browser data, and other information about Discord, Steam, and system files by infecting the victim’s Windows device.

Cryptocurrencies are given extra attention by the malware. Seventy-two cryptocurrency wallets, including MetaMask, Trust Wallet, Phantom, Binance Wallet, Guarda, OneKey, Opera Wallet, and others, are the targets of Meduza Stealer. 

The malware also accesses the data of Geth software clients, including Bitcoin Core, Dash Core, Monero Core, Dogecoin Core, and Litecoin Core, in addition to wallets. Users were advised by Uptycs not to read dubious emails or download anything from unidentified websites.


In 2023, subscription-based viruses have grown in popularity among online thieves. An earlier edit said that 57 bitcoin wallets are the target of another BlackGuard information thief. The criminals paid $200 for a month’s worth of virus operation at the time, and $700 for an infinite version.

The phrase “the stealer drags a pancake really everything that is possible” [the style and spelling of the original is kept] was used by one of the Russian-speaking online offenders going by the handle hyipblock2.