Vega Stealer Malware can Steal Saved Credentials in Firefox and Google Chrome

Be aware of any social engineering tactics that can be used by hackers to steal data

Researchers have come across a new malware variant named Vega Stealer, which is designed to harvest saved financial data from Google Chrome and Firefox browsers.

At present, the malware is only being used in small phishing campaigns and not major organisational level attacks.

The malware is a variant of crypto-malware August Stealer that locates and steals credentials, sensitive documents, and cryptocurrency wallet details stored in the Chrome and Firefox browsers from infected machines.

How are hackers spreading the malware?
The malware is being spread through phishing campaigns. Phishing emails are sent with subject lines like "Online store developer required". While some of the emails are targeted, most messages are sent to distribution lists.

The email contains an attachment called "brief.doc" in which malicious macros download the Vega Stealer payload.

The payload is then retrieved and saved in the victim's "Music" directory with the name "ljoyoxu.pkzip." Once the executable is in place, Vega Stealer automatically executes via the command line in order to begin gathering information.

What can the malware do?
When the Firefox browser is in use, the malware gathers specific files that hold passwords and keys, such as "key3.db", "key4.db", "logins.json", and "cookies.sqlite".

Besides this, the malware also takes a screenshot of the infected machine and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf for exfiltration.
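The file names and the drop location described above can be turned into a simple endpoint check. The Python sketch below is an added example, not code from the article or the researchers; the event schema, the sample events, and the process allow-lists are assumptions made for illustration.

```python
import ntpath

# File names the article lists as harvested from Firefox profiles.
FIREFOX_SECRETS = {"key3.db", "key4.db", "logins.json", "cookies.sqlite"}
# Processes expected to read those files (assumption; tune per environment).
ALLOWED_READERS = {"firefox.exe"}
# Office binaries whose macros could write a payload (assumption).
OFFICE_WRITERS = {"winword.exe", "excel.exe"}
# Payload file name reported in the article.
PAYLOAD_NAME = "ljoyoxu.pkzip"

def classify(event):
    """Return alert names for one file event (hypothetical schema)."""
    proc = ntpath.basename(event["process"]).lower()
    path = event["path"].lower()
    name = ntpath.basename(path)
    parts = path.split("\\")
    alerts = []
    # A non-browser process reading Firefox credential stores.
    if event["op"] == "read" and name in FIREFOX_SECRETS \
            and "profiles" in parts and proc not in ALLOWED_READERS:
        alerts.append("firefox-credential-file-read")
    # Anything matching the reported drop location in the Music directory.
    if event["op"] == "write" and "music" in parts:
        if name == PAYLOAD_NAME:
            alerts.append("known-payload-name")
        if proc in OFFICE_WRITERS:
            alerts.append("office-write-to-music")
    return alerts

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"process": r"C:\Program Files\Mozilla Firefox\firefox.exe", "op": "read",
     "path": r"C:\Users\amy\AppData\Roaming\Mozilla\Firefox\Profiles\ab12.default\logins.json"},
    {"process": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "op": "write",
     "path": r"C:\Users\amy\Music\ljoyoxu.pkzip"},
    {"process": r"C:\Users\amy\Music\ljoyoxu.pkzip", "op": "read",
     "path": r"C:\Users\amy\AppData\Roaming\Mozilla\Firefox\Profiles\ab12.default\key4.db"},
    {"process": r"C:\Windows\explorer.exe", "op": "write",
     "path": r"C:\Users\amy\Music\song.mp3"},
]

def scan(events):
    """Return (event index, alerts) for every event that raised an alert."""
    return [(i, a) for i, e in enumerate(events) if (a := classify(e))]

if __name__ == "__main__":
    for idx, alerts in scan(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["process"], alerts)
```

The file name is a weak indicator on its own because it is trivial to change, so the behavioural rules (an Office process writing into Music, a non-browser process reading the Firefox credential files) are the ones worth keeping.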

Safety tips that should be followed:
* If you are running an organization, train your employees and make them aware of the common phishing attacks. Hackers often target employees in order to gain confidential information about the company.

* Before interacting with any email, first look up the sender of the email. There is a good chance that you can judge the authenticity of the email just by looking at the sender. For example, if the email claims to be coming from the Government and the sender email is say: then you know that the email is a phishing scam. Moreover, if it is from a spoofed domain like instead of (L instead of I), then it’s definitely a fake email.

* Be aware of any social engineering tactics that can be used by hackers to steal data.

* Use strong alphanumeric passwords and never use the same password for more than one.

* DO NOT click a link unless you are 100 percent sure that it's from a trusted source. Before clicking on a link, always hover over the link text to see where it redirects, and check that the link uses HTTPS.

* Never leave your system unattended.

* Do not connect to unknown WiFi networks.

* Use two-factor authentication wherever possible.
