A new malware campaign is targeting Google Chrome and Mozilla Firefox browsers to steal credentials and other sensitive data, according to researchers at Proofpoint. Dubbed “Vega Stealer,” the malware is being spread via phishing emails targeting marketing, advertising, public relations, retail, and manufacturing companies. Attached to the email is a Word document containing malicious macros that, when enabled, download the Vega Stealer malware.
Once the system is infected, the malware steals passwords, saved credit card data, autofill profile information, cookies from Chrome, and specific passwords and keys from Firefox. Additionally, Vega Stealer can take a screenshot of the victim’s system and search for files on the system that end in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf and, if found, send these files to the threat actor’s command and control (C2) server. Proofpoint believes that this campaign could be connected to the same threat actors behind the Ursnif banking Trojan.
Preferred Business Systems recommends that Chrome and Firefox users and administrators review the Proofpoint report and educate end users about this and similar threats. PBS wants to remind users to never click on links or open attachments delivered with unexpected or unsolicited emails. Additionally, if end users have received and taken action on these emails, contact PBS immediately. PBS provides special training on how to spot such phishing emails. If you have any questions, please reach out to us.