A new malware dubbed Vega Stealer is now targeting saved credentials and payment card info saved in users’ Chrome and Firefox browsers. The malware is a variant of August Stealer and also attempts to steal sensitive documents from infected computers.
According to a Proofpoint report, the Vega cyber campaign has been targeting a narrow list of companies in the Marketing/Advertising/Public Relations, as well as Retail and Manufacturing industries.
Companies and users should be aware that the Vega phishing campaigns have used the subject line “Online store developer required” and malicious attachment loaded with macros named “brief.doc” are used to download the Vega malware payload.
Proofpoint was able to block the low-volume phishing campaign as recently as May 8. The company also observed a similar campaign the day prior on May 7 that used several macro documents (e.g., “engagement letter.doc”) to download malicious malware August Stealer.
This threat also serves as a reminder that users should never save credentials/passwords or payment card info in browsers.