Scam of the Week – Vega Stealer

May 17, 2018 2:51 pm Geraldine Strawbridge

Researchers have discovered new malware that can steal sensitive information from the Google Chrome and Firefox browsers, whilst also mining files from infected devices. The malware, Vega Stealer, which is a variant of August Stealer, finds and steals credentials such as passwords, saved credit and debit card details and cookies from Google Chrome; when the Firefox browser is in use, Vega Stealer targets specific files which store sensitive information.

Not only does the malware steal information, it also captures screenshots of the infected device and scans for files that end in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf.

Researchers say the malware is being used for small phishing attacks, with the potential to become a threat to businesses in the future.

So how is it spreading?

Hackers are sending emails with the subject line ‘Online store developer required’ to businesses and individuals. The email carries an attachment called ‘brief.doc’ which contains malicious macros; once opened, it downloads the Vega Stealer payload onto the device, where it is saved in the Music directory under the name “ljoyoxu.pkzip”.

Despite it not being the most sophisticated phishing campaign, it highlights the dangers of downloading attachments from unknown sources.

To protect yourself from falling victim to these types of online scams, never click on suspicious links or download attachments from unknown sources.
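The indicators named above (the subject line, the attachment name and the dropped file name) can be turned into a simple mail and endpoint check. This is an added example, not part of the original article; the one-`Music`-folder-per-profile directory layout and the sample message are assumptions.

```python
import email
import email.policy
from email.message import EmailMessage
from pathlib import Path

# Indicators taken from the article text above.
SUBJECT = "online store developer required"
ATTACHMENT = "brief.doc"
PAYLOAD = "ljoyoxu.pkzip"


def check_message(raw: bytes) -> list[str]:
    """Return the campaign indicators found in one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-word subjects before we compare.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if SUBJECT in subject:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT:
            hits.append("attachment")
    return hits


def find_payload(users_root: Path) -> list[Path]:
    """Look for the dropped file in each profile's Music directory."""
    found = []
    for music in users_root.glob("*/Music"):  # assumed layout: <root>/<user>/Music
        for entry in music.iterdir():
            if entry.is_file() and entry.name.lower() == PAYLOAD:
                found.append(entry)
    return sorted(found)


def sample_message() -> bytes:
    """Constructed test message; addresses, body and attachment bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Online store developer required"
    msg.set_content("Please see the attached brief.")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="msword",
                       filename="brief.doc")
    return msg.as_bytes()
```

A subject or file-name match is only a lead for triage, since both strings are trivial for a sender to change.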

If you are looking to start a phishing awareness campaign or would like more information on how to protect yourself online, click here to find out how MetaCompliance can help. Our MetaPhish Platform has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.