Forum Discussion
Former Member
2 years ago
How should we protect 1Password from the Meduza Stealer?
The following link is to an article listing 1Password as a target for the Meduza Stealer.
https://www.techrepublic.com/article/meduza-stealer-targets-browser-variants-crypto-wallets-password-manag...
GreyM1P
1Password Team
2 years ago
@phawtrey
I added a firewall to my system in addition [...] which is probably more than most of us need
Both macOS and Windows come with their own built-in firewalls, and they cause very little friction (if any) by being turned on. I only ever had trouble previously when I tried to remotely connect to my home Mac and forgot to allow an incoming connection for that - no-one to blame but me for that, and it's probably not something that a lot of users will do.
Firewalls will protect from outside connections to your computer, and they absolutely have our thanks for that, but in these days of phishing emails, scam websites, and so on, other vectors are worth bearing in mind. To put it another way, why sticky-tape a message around a brick and throw it through someone's window, when you could just neatly place it in an envelope, and slip it through their front door? Different route, but ultimately the same result. One will make someone realise they're under attack, and the other might just be seen as junk mail. That's a bad example, but the point still stands. Nowadays, malware is more like a vampire – it can't just come in without being invited, so it tries its hardest to make you do that.
I did not quite understand the note about how "The malware specifically targets extensions"
Browser extensions run code, just like any other app. They just so happen to do that within the environment of the parent browser. So in this case, it seems like Meduza isn't targeting any particular browser (probably since those are regularly updated and generally well-armoured) but rather the "juicier" contents of specific extensions, if they can get away with it.
But clearly, if it is well known it should be easily blocked
My casual armchair analysis of this shows that there's pretty good awareness of this in the security community, but it looks like no actual attacks have taken place as of time of writing. So although it's absolutely not just a theoretical attack, it also hasn't happened yet, so I'd be surprised if it'll just sneak past defences if it does appear in the wild.
As with a lot of things in the security world, the standard approach of "Don't panic, but do pay attention" generally serves us well.
You give sound advice
Thank you! :) The team and I will be here if you need anything.