New Vega Stealer Malware Targets Chrome and Firefox Browsers

Vega Stealer is a new malware family targeting browsers such as Chrome and Firefox and applications such as Word. It can steal credit card details and passwords saved in popular web browsers, and it takes sensitive information from compromised computers. At present, it is aimed at the public relations, marketing, advertising, manufacturing and retail industries. Over time, however, it could become more advanced and evolve into a common threat.

Precisely targeted corporate threats like Vega Stealer hint at more trouble to come. Most of the time, corporate credential theft allows threat actors to establish a beachhead from which they can penetrate further into corporate systems and networks. Vega Stealer is distributed through email, as a file attachment named brief.doc.

Proofpoint was the first to observe this malware. It said that Vega Stealer is a variant of the well-known August Stealer. The information stealer was first identified when Proofpoint spotted a low-volume email campaign using subject lines containing the phrases “Item return” and “Our company need online store from scratch.” The campaign was directed at lists of people and at individuals. However, all the potential victims fell into the same target group, and in each case the email included a document containing malicious macros that the recipient had to enable.

Once the victim downloads and opens the document from the phishing email, a two-step process begins. In the first step, the malware retrieves an obfuscated JavaScript/PowerShell script. The second step starts when that PowerShell script runs: it downloads Vega Stealer’s executable payload, which is saved in the Music directory on the victim’s computer. Once downloaded and saved, the file is automatically executed through the command line.
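The chain described above (macro-enabled Word document, script host, payload run from the Music folder) leaves a recognizable trail in process-creation telemetry. The following is an added example, not code from the original article or from Proofpoint; it assumes Sysmon-style process-creation events, and the field names, host names and file names are constructed placeholders.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

OFFICE_PARENTS = {"winword.exe"}  # the lure on the page is a Word document
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
# Image path of an executable sitting directly in a user's Music folder.
MUSIC_EXE = re.compile(r"\\users\\[^\\]+\\music\\[^\\]+\.exe$", re.IGNORECASE)

def classify(event):
    """Return the names of the rules one process-creation event matches."""
    hits = []
    parent = basename(event["parent_image"]).lower()
    child = basename(event["image"]).lower()
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")   # macro stage
    if MUSIC_EXE.search(event["image"]):
        hits.append("exe_run_from_music_dir")      # payload stage
    return hits

def hosts_with_full_chain(events):
    """Hosts where the macro stage is later followed by the payload stage."""
    macro_seen, flagged = set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        hits = classify(ev)
        if "office_spawns_script_host" in hits:
            macro_seen.add(ev["host"])
        if "exe_run_from_music_dir" in hits and ev["host"] in macro_seen:
            if ev["host"] not in flagged:
                flagged.append(ev["host"])
    return flagged

# Constructed sample events (not taken from any real incident or report).
WORD = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"time": 1, "host": "ws-01", "parent_image": r"C:\Windows\explorer.exe", "image": WORD},
    {"time": 2, "host": "ws-01", "parent_image": WORD, "image": PS},
    {"time": 3, "host": "ws-01", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\alice\Music\payload-placeholder.exe"},
    {"time": 4, "host": "ws-02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\bob\Music\portable-player.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["host"], ev["time"], classify(ev))
    print("full chain on:", hosts_with_full_chain(EVENTS))
```

An executable in the Music folder on its own (ws-02) matches one rule but is not flagged as the full chain; only the host where Word launched a script host first is reported.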

Vega Stealer steals saved credentials and credit card details from the Google Chrome and Mozilla Firefox browsers. Apart from taking data from the browsers, it can also exfiltrate Excel, Word, PDF and text files from the infected computer. Vega Stealer’s stealing functionality on Chrome is a subset of the August Stealer code.

The new functions in Vega Stealer include a new network communication protocol and extended Firefox stealing functionality. Even though Vega Stealer is not the most advanced or stealthy malware in circulation at present, it shows how flexible malware can be. It might have long-lasting effects if it is developed and distributed further, and the threat may grow because of its distribution and lineage.

McAfee, a globally renowned cyber security company, is now working on new security features for the protection of several devices from malware. With McAfee antivirus, you can safely surf the web without worrying about ever-present online threats. McAfee antivirus provides you with complete security, and it also secures your web browsers and emails. It flags and blocks suspicious and harmful websites. To know more about McAfee antivirus, go to www.McAfee.com/activate or McAfee.com/activate.
