Beware of Vega Stealer, a new browser credential-harvesting malware

Recently, cybersecurity researchers discovered Vega Stealer, a new malware that harvests login credentials stored in browsers such as Chrome and Firefox.

Currently, only a relatively small phishing campaign is distributing the malware, but researchers from Proofpoint said that it has the potential to become a common threat to businesses in the future.

It is said that Vega Stealer is a variant of August Stealer, written in .NET. August Stealer can sniff out sensitive documents and steal login credentials and even cryptocurrency on infected machines.

The new malware is quite similar in terms of functionality, and it goes even beyond the previous version by accessing the network communication protocol and data stored in Firefox and Chrome. For example, it can locate stored passwords, profiles, cookies, and credit card data.

Unfortunately, the list does not end there. Vega Stealer also scans the machine for documents with file extensions that could potentially hold something of value (.doc, .docx, .pdf, .txt, .xls, etc.).

If you’re working in the following industries, you need to be especially careful, since the campaign is targeting these specific areas:

– Marketing

– Public relations

– Retail

– Manufacturing

– Advertising

Be on the lookout for emails with subject lines such as “Online store developer required”, because they often contain the malware in question. Specifically, the file named “brief.doc” is what contains the malicious code. When it is launched, it downloads the Vega Stealer payload, which is retrieved in two steps.
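
A mail-triage check for the lure described above, as an added example that is not part of the original article: it parses a raw message with Python's standard `email` package and flags the subject line and attachment filename the article names. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the article; compared case-insensitively.
LURE_SUBJECT = "online store developer required"
LURE_ATTACHMENT = "brief.doc"


def triage(raw_message: bytes) -> dict:
    """Report which of the article's lure indicators a raw message matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject
    # is compared in its decoded form.
    subject = str(msg.get("Subject", "")).lower()
    # Walk every MIME part so nested attachments are checked too.
    names = [(p.get_filename() or "").strip().lower() for p in msg.walk()]
    hits = {
        "subject": LURE_SUBJECT in subject,
        "attachment": LURE_ATTACHMENT in names,
    }
    hits["quarantine"] = hits["subject"] or hits["attachment"]
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "staff@example.com"
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(b"placeholder, not a real document",
                     maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()


# Constructed sample: the subject hidden in an RFC 2047 Q-encoded word.
ENCODED_SUBJECT_SAMPLE = (
    b"From: sender@example.com\r\n"
    b"Subject: =?utf-8?q?Online_store_developer_required?=\r\n"
    b"\r\n"
    b"body\r\n"
)

if __name__ == "__main__":
    print(triage(build_sample("Online store developer required", "brief.doc")))
    print(triage(build_sample("Quarterly report", "report.doc")))
    print(triage(ENCODED_SUBJECT_SAMPLE))
```

Both indicators are easy for a sender to change, so a hit is a reason to quarantine and inspect the message rather than a complete detection.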