HackRead
  • January 19th, 2021

Vega Stealer malware steals passwords & card data from Chrome & Firefox

May 12th, 2018 | Waqas | Security, Malware

IT security researchers at Proofpoint have discovered new malware built to steal saved login credentials and credit card data from the Chrome and Firefox browsers. Besides stealing credentials, the malware also steals sensitive documents from the targeted device.

Dubbed Vega Stealer by researchers, the malware is a variant of August Stealer, which was discovered in December 2016 stealing saved passwords, documents, and other sensitive data from Skype and the Opera, Chrome and Firefox browsers.

Vega Stealer is being distributed through a spam email campaign with different subject lines, including “Online store developer required.” The email comes with a Microsoft document attachment called “brief.doc” containing malicious macros which, once enabled, download the Vega Stealer payload.

Once Vega Stealer infects a targeted system, it starts stealing data and searches the victim’s desktop and sub-directories for files in different formats, including .doc, .docx, .txt, .rtf, .xls, .xlsx and .pdf. It collects these files for exfiltration and then sends the stolen data to a remote command and control (C&C) server.

Screenshot of the document containing Vega Stealer (Credit: Proofpoint)

Furthermore, like its predecessor, Vega Stealer is written in .NET and shares similar classes. However, August did not have this document search hard-coded in the malware; there it was configurable in the C&C panel.

Moreover, the Chrome browser stealing functionality in Vega is a subset of the August code; August also stole from other browsers and applications, such as Skype and Opera. Vega’s new functionality includes a new network communication protocol and expanded Firefox stealing functionality.

For now, the prime targets of Vega Stealer are the advertising, marketing, PR, retail, and manufacturing sectors. However, researchers believe that the obfuscated macros used in this campaign are for sale and are used by not one but multiple threat actors, including those behind the Emotet banking trojan.

“The document macro utilized in this campaign is a commodity macro that we believe is for sale and used by multiple actors, including the threat actor spreading Emotet banking Trojan,” said Proofpoint researchers.

“However, the URL patterns from which the macro retrieves the payload are the same as those used by an actor we are tracking who distributes the Ursnif banking Trojan, which often downloads secondary payloads such as Nymaim, Gootkit or IcedID. As a result, we attribute this campaign to the same actor with medium confidence.”

“While Vega Stealer is not the most complex or stealthy malware in circulation today, it demonstrates the flexibility of malware, authors, and actors, to achieve criminal objectives,” the firm’s researchers said. “Because the delivery mechanism is similar to more widely distributed and mature threats, Vega Stealer has the potential to evolve into a commonly found stealer.”

“Vega Stealer…could have longer lasting impacts if further developed and distributed. Due to the distribution and lineage, this threat may continue to evolve and grow,” researchers concluded.

For your security, it is advised to avoid clicking unknown links and downloading attachments sent by anonymous users. Also, scan suspicious files on VirusTotal and keep your system up to date.

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
