A malspam campaign distributing the new META infostealer, which has no relation to the organization formerly known as Facebook, has been identified by several security researchers, including Brad Duncan at Unit 42. Infostealers are Remote Access Trojans (RAT) whose initial activity focuses on stealing credentials such as stored passwords, access tokens, cryptocurrency wallet information, credit cards, email data, and other data of interest to threat groups. A number of new infostealer malware options have recently entered dark web marketplaces after the formerly popular Raccoon Stealer reportedly shuttered operations due to the Ukraine-Russia war, including META, FFDroider, and Lightning Stealer. META currently is offered to monthly subscribers for $125 and to lifetime subscribers for $1000. META currently accomplishes initial exploitation via social engineering email recipients to enable a macro on a malicious Microsoft Excel document, which then attempts to evade detection by downloading obfuscated files from multiple sites such as GitHub before reassembling them into the RAT.