Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – Vega Stealer

Researchers have discovered a new malware which can steal sensitive information from Google Chrome and Firefox browsers, whilst also mine files from infected devices. The malware – Vega Stealer which is a variant of August Stealer finds and steals credentials such as passwords, saved credit and debit card details and cookies from Google Chrome, whilst when the Firefox browser is in use, Vega Stealer targets specific files which store sensitive information.

Not only does the malware steal information, but also captures screenshots of the infected device, scanning files that end in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf.

Researchers say the malware is being used for small phishing attacks, with the potential to become a threat to businesses in the future.

So how is it spreading?

Hackers are sending emails with the subject line ‘Online store developer required’, to businesses and individuals. Within the email there is an attachment called ‘brief.doc’ which contains the malicious macros, and once opened, downloads the Vega Stealer payload on the device which will be saved in the Music directory by the name “ljoyoxu.pkzip.”

Despite it not being the most sophisticated phishing campaign, it highlights the dangers of downloading attachments from unknown sources.

To protect yourself from falling victim to these types of online scams, never click on suspicious links or download attachments from unknown sources.

If you are looking to start a phishing awareness campaign or would like more information on how to protect yourself online, click here to find out how MetaCompliance can help. Our MetaPhish Platform has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. 

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations