Vega Stealer Malware Targets User Credentials and Credit Card Numbers

A new malware campaign is targeting Google Chrome and Mozilla Firefox browsers to steal credentials and other sensitive data, according to researchers at Proofpoint. Dubbed “Vega Stealer,” the malware is being spread via phishing emails targeting marketing, advertising, public relations, retail, and manufacturing companies. Attached to the email is a Word document containing malicious macros that, when enabled, download the Vega Stealer malware. Once the system is infected, the malware steals passwords, saved credit card data, autofill profile information, cookies from Chrome, and specific passwords and keys from Firefox. Additionally, Vega Stealer can take a screenshot of the victim’s system and search for files on the system that end in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf and, if found, send these files to the threat actor’s Command and Control (C2) server. Proofpoint believes that this campaign could be connected to the same threat actors behind the Ursnif banking Trojan.

The NJCCIC recommends Chrome and Firefox users and administrators review the Proofpoint report and educate end users about this and similar threats, reminding them never to click on links or open attachments delivered with unexpected or unsolicited emails. Additionally, if end users have received and taken action on these emails, isolate the affected systems from the network and perform a full system scan using a reputable anti-malware solution. Proactively monitor and change passwords for any financial, personal, or business accounts accessed on infected systems and enable multi-factor authentication where available.