New malware can steal information from Chrome, Firefox browsers
Researchers have discovered a new malware called Vega Stealer, which can harvest saved information from the Chrome and Firefox browsers and also collect files from targeted computers. The malware is currently being used only in small phishing campaigns, but researchers believe it could be used to carry out major organization-level attacks in the future. Here is more on it.
The kind of information Vega Stealer can mine
Vega Stealer can steal saved data like passwords, credit cards, profiles, cookies, and payment information in Chrome. In Firefox, the malware harvests specific files like 'key3.db,' 'key4.db,' 'logins.json,' and 'cookies.sqlite,' which are used to store different passwords and keys. It can also scan the infected machine for files ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf and exfiltrate them.
Vega Stealer is a variant of a crypto-malware
Vega Stealer is a variant of another malware called August Stealer, which steals credentials, sensitive documents, and cryptocurrency wallet details stored in Chrome and Firefox browsers.
Vega Stealer spread via phishing e-mails pretending to offer jobs
Vega Stealer is spread via phishing e-mails with subject lines like "Online store developer required." They contain an attachment called "brief.doc" in which malicious macros are embedded. Opening it downloads the Vega Stealer payload to the device, where it is saved in the Music directory under the name "ljoyoxu.pkzip." Once on the host machine, the malware runs and extracts information automatically.
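As an added example (not from the original article or the researchers), here is a minimal triage over file-access events that flags the two behaviours described above: the dropped payload name appearing in a Music directory, and a non-browser process opening the Firefox stores listed earlier. The event field names, sample paths and allow-list are assumptions constructed for illustration.

```python
import ntpath

# File names taken from the article: Firefox credential/cookie stores
# and the name under which the payload is saved.
FIREFOX_STORES = {"key3.db", "key4.db", "logins.json", "cookies.sqlite"}
PAYLOAD_NAME = "ljoyoxu.pkzip"
# Assumption: processes expected to open Firefox profile files here.
ALLOWED_IMAGES = {"firefox.exe"}

def triage(events):
    """Return (reason, event) pairs for events matching the article's behaviour."""
    findings = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        target = ev["target"].lower()
        name = ntpath.basename(target)
        parts = target.split("\\")
        if name == PAYLOAD_NAME and "music" in parts:
            findings.append(("payload-in-music", ev))
        elif (name in FIREFOX_STORES and "profiles" in parts
              and image not in ALLOWED_IMAGES):
            findings.append(("firefox-store-read-by-non-browser", ev))
    return findings

# Constructed sample events (not real telemetry); field names are hypothetical.
PROFILE = r"C:\Users\amy\AppData\Roaming\Mozilla\Firefox\Profiles\ab12.default"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "target": PROFILE + r"\logins.json"},          # normal browser access
    {"image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "target": r"C:\Users\amy\Music\ljoyoxu.pkzip"},  # payload written to Music
    {"image": r"C:\Users\amy\Music\ljoyoxu.pkzip",
     "target": PROFILE + r"\key4.db"},               # non-browser reads key store
    {"image": r"C:\Users\amy\Music\ljoyoxu.pkzip",
     "target": PROFILE + r"\cookies.sqlite"},        # non-browser reads cookies
    {"image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\amy\Music\playlist.m3u"},  # unrelated Music file
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(reason, ev["image"], "->", ev["target"])
```

A file name is easy for an operator to change, so the non-browser access rule is the more durable of the two checks.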
The malware is contained in a compromised Microsoft Word file
While some e-mails are sent to targeted individuals, most are sent to distribution lists like 'info@', 'clientservice@', and 'publicaffairs@'. The malware is primarily aimed at people working in the marketing, advertising, public relations, and retail/manufacturing fields.