We have been made aware of a type of malware called ‘The Vega Stealer Malware’, which is a variant of the ‘August Stealer’ malware. This threat includes credential-stealing functionality that targets saved login credentials and credit card details stored in Chrome. The malware is spread via email attachments containing a Word, Excel or PDF document with embedded malicious macros that download the payload.
Name of Exploit
The Vega Stealer Malware
Type of Exploit
Malware, Credential theft, Exfiltration of data (specifically documents), Credit card credential capture
How Exploit is Spread
The malware is spread via email attachments containing a Word, Excel or PDF document with embedded malicious macros that download the payload. When the user opens the document, the macro executes and saves the payload to the victim’s machine in the “Music” directory under the filename “ljoyoxu[.]pkzip”. The malware is being distributed to specific mailing lists.
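As an added detection example that is not part of this advisory, the following Python script scans file-creation events for the drop location described above. An exact match on the advertised filename in a user's Music directory is treated as high confidence; an Office process writing any .pkzip archive into Music is a lower-confidence heuristic. The "process|path" event format, the sample events, the list of Office process names, and the reading of "Music" as the per-user profile Music folder are all assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample file-creation events (not real telemetry).
# Format assumed for this example: "<writing process>|<full path written>".
SAMPLE_EVENTS = [
    r"WINWORD.EXE|C:\Users\alice\Music\ljoyoxu.pkzip",
    r"EXCEL.EXE|C:\Users\bob\Music\ljoyoxu.pkzip",
    r"explorer.exe|C:\Users\alice\Music\holiday.mp3",
    r"WINWORD.EXE|C:\Users\carol\Documents\report.docx",
    r"chrome.exe|C:\Users\dave\Downloads\archive.pkzip",
    r"WINWORD.EXE|C:\Users\erin\Music\update.pkzip",
]

# Filename from the advisory, with the defanging brackets removed.
KNOWN_DROPPED_FILENAME = "ljoyoxu.pkzip"

# Assumption: macro-bearing documents are opened by these Office processes.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Assumption: "Music" directory means the per-user profile Music folder.
MUSIC_DIR_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\Music\\([^\\]+)$", re.IGNORECASE
)


@dataclass
class Finding:
    event: str
    severity: str
    reason: str


def classify_event(event: str) -> Optional[Finding]:
    """Return a Finding if the event matches the drop behaviour, else None."""
    process, _, path = event.partition("|")
    match = MUSIC_DIR_RE.match(path)
    if not match:
        return None  # not written into a user's Music folder
    filename = match.group(1).lower()
    if filename == KNOWN_DROPPED_FILENAME:
        return Finding(event, "high", "known drop path and filename from advisory")
    if process.lower() in OFFICE_PROCESSES and filename.endswith(".pkzip"):
        return Finding(event, "medium",
                       "Office process wrote a .pkzip archive into Music (heuristic)")
    return None


def scan(events: List[str]) -> List[Finding]:
    """Classify every event and keep only those that produced a finding."""
    return [f for f in (classify_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity}] {finding.reason}: {finding.event}")
```

Run against the constructed events, the two exact-filename drops are reported as high and the Office-written .pkzip as medium; the legitimate Music, Documents and Downloads writes produce no finding. In a real deployment the event source would be file-creation telemetry such as Sysmon Event ID 11 rather than the hand-built strings used here.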
Global Risk
Low – this strain of malware has only been observed attacking specific mailing lists. The mailing lists cover a very narrow set of companies, specifically within the Marketing/Advertising/Public Relations and Retail industries. We are unable to comment on why only these industries are being targeted.