Russian law enforcement has announced the arrest of two individuals believed to be the administrators of the Meduza Stealer malware operation. The Ministry of Internal Affairs of Russia (MVD) reported that the suspects, both residents of the Tomsk region, were detained by its Department “K” unit, which specializes in combating high-tech crimes.
The investigation was initiated following a complaint from a Russian commercial organization. The company reported that its computer network had been illegally accessed and that sensitive data had been stolen. The MVD’s subsequent technical investigation successfully linked the intrusion directly to the use of the Meduza Stealer malware.
Investigation and Arrests
Following the digital trail, authorities identified the two suspects in the Tomsk region. During searches conducted at their residences, law enforcement officials seized computer equipment, mobile phones, and bank cards relevant to the case. A criminal case has been opened against the pair under Article 273 of the Criminal Code of the Russian Federation, which pertains to the creation, use, and distribution of malicious computer programs.
The individuals are currently under a written undertaking not to leave their place of residence while the investigation continues. The decisive action by Russian authorities underscores the consequences of targeting domestic entities, something cybercriminals operating within the country usually avoid precisely in order to escape local prosecution.
Details of the Meduza Stealer Malware
The Meduza Stealer is a potent information-stealing malware designed to exfiltrate a wide range of data from infected computers. Its capabilities include harvesting information from web browsers, such as saved logins, passwords, cookies, and browsing history. It also targets cryptocurrency wallet data and gathers detailed system information from compromised devices.
The malware was promoted and sold on Russian-speaking hacking forums using a malware-as-a-service (MaaS) subscription model. Prices for the service ranged from $199 for a monthly subscription to $1,199 for an annual plan, with a lifetime access option available for $1,699. By attacking a Russian organization, the operators violated a common unwritten rule within the cybercrime community, which directly led to their identification and arrest.