Yesterday we met Jupyter, the malware that may have been “hibernating” on thousands of mobiles and computers since last summer, waiting to wake up and attack. Today it’s time to meet another piece of malware that is actually several, to the point that Avast has called it “the family.”
The Meh malware family
The security experts behind Avast antivirus have analyzed a family of Windows malware called Meh, a password stealer that also has multiple other functions, among them:
– Keylogging (recording keystrokes)
– Ad fraud: clicking on ads while the user is inactive
– Downloading other malware via torrent programs
– Theft of money from cryptocurrency wallets
Meh also has a remote access tool (RAT), capable of performing different actions, from obtaining passwords for browsers and email accounts, to reading files and restarting computers, while the advertising fraud function waits until a computer is inactive to click on ads.
Main objective: Spain
According to Avast, “Meh’s main objective is users in Spain”. And since June 2020, the company has:
– Prevented more than 88,000 attacks targeting Avast users in Spain
– Blocked more than 2,000 attacks directed at users in Argentina
– Blocked more than 1,500 attacks directed at users in Mexico
Based on the findings of their analysis of Meh, Avast researchers believe that the malware could spread “through Torrent file-sharing sites,” using the sharing system’s peer-to-peer protocol.
How to protect yourself? The solution is quite simple: do not download files from any torrent website. According to Jan Rubin, Avast Malware Researcher, “Torrent downloads often include malware, which users may not notice when downloading files, so we always advise users to stick to trusted services rather than turn to file-sharing platforms.”