Sunday, December 31, 2023

New MetaStealer malvertising

The "New MetaStealer" malvertising campaigns distribute MetaStealer through malicious online advertisements. MetaStealer is an info-stealer designed to exfiltrate sensitive information from infected systems. The malware has been observed leveraging the earlier RedLine code base and has been distributed through various channels, including malspam and malvertising. The developers of MetaStealer have announced the release of a new and improved version, which indicates ongoing development and potential future threats. The campaigns have targeted users through ads for popular software such as Notepad++ and AnyDesk. They represent a significant threat to online security, as they can lead to the compromise of sensitive information and to further malicious activity.

REFERENCES

  • https://cyware.com/news/new-metastealer-malvertising-campaigns-spotted-f4f882cc
  • https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns
  • https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns/amp
  • https://otx.alienvault.com/pulse/658469e72f85cfbf44de42a6

TAGS

metastealer, malvertising
