Threat Intelligence Report: Vega Stealer

We have been made aware of a type of malware called ‘The Vega Stealer Malware’, which is a variant of the ‘August Stealer’ malware. This threat contains credential-stealing functionality targeting saved login credentials and credit card details stored in Chrome. The malware is spread via email attachments containing a Word, Excel or PDF document with embedded malicious macros that download the payload.

Name of Exploit

The Vega Stealer Malware

Type of Exploit

Malware, Credential theft, Exfiltration of data (specifically documents), Credit card credential capture

How Exploit is Spread

The malware is spread via email attachments containing a Word, Excel or PDF document with embedded malicious macros that download the payload. When the user opens the document, the macro executes and downloads a payload, which is saved to the victim’s machine in the “Music” directory under the filename “ljoyoxu[.]pkzip”. The malware is spreading via specific mailing lists.
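As an added example (not part of the original report), the following Python scans constructed file-creation events for the drop described above: a file written directly into a user's Music folder under the name ljoyoxu.pkzip (the report's defanged “ljoyoxu[.]pkzip”), and, more broadly, an Office process writing an archive or executable into Music. The log line format and the Office process names are assumptions.

```python
import re

# Indicator taken from the report: the macro drops its payload into the
# user's "Music" folder under this filename (written "ljoyoxu[.]pkzip" in
# the report; the brackets are defanging and are not part of the real name).
DROPPED_FILENAME = "ljoyoxu.pkzip"

# Assumption: the Office applications that host the dropping macro.
OFFICE_PROCESSES = {"winword.exe", "excel.exe"}

# Constructed file-creation log (not from the report), one event per line:
# "timestamp|creating process image|created file path".
SAMPLE_EVENTS = """\
2018-05-14T09:12:03|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Users\\alice\\Music\\ljoyoxu.pkzip
2018-05-14T09:15:41|C:\\Windows\\explorer.exe|C:\\Users\\alice\\Music\\holiday.mp3
2018-05-14T09:20:09|C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE|C:\\Users\\bob\\Music\\quarterly.zip
2018-05-14T09:22:55|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Users\\bob\\Documents\\report.docx
"""

# Matches a file directly inside any user's Music folder; group 1 is the filename.
MUSIC_FILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\music\\([^\\]+)$")

def classify(image, target):
    """Severity for one file-creation event: 'high', 'medium' or None."""
    m = MUSIC_FILE_RE.match(target.lower())
    if not m:
        return None
    filename = m.group(1)
    process = image.lower().rsplit("\\", 1)[-1]
    if filename == DROPPED_FILENAME:
        return "high"          # exact match on the reported dropped filename
    if process in OFFICE_PROCESSES and filename.endswith((".zip", ".pkzip", ".exe")):
        return "medium"        # same behaviour (Office writes an archive/exe to Music), unknown name
    return None

def scan(events):
    """Return (severity, timestamp, image, target) for each suspicious event."""
    alerts = []
    for line in events.strip().splitlines():
        timestamp, image, target = line.split("|", 2)
        severity = classify(image, target)
        if severity:
            alerts.append((severity, timestamp, image, target))
    return alerts

if __name__ == "__main__":
    for severity, timestamp, image, target in scan(SAMPLE_EVENTS):
        print(f"{severity.upper():6} {timestamp} {image} -> {target}")
```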

Global Risk

Low – this strain of malware has only been observed attacking specific mailing lists. The mailing lists are set for a very narrow set of companies, specifically within the Marketing/Advertising/Public Relations and Retail industries. We are not able to comment on why it is targeting these industries only.
