Chrome and Firefox browsers targeted by Vega Stealer malware

Researchers at the security firm Proofpoint have taken note of a new malware that is honing in on the “Marketing/Advertising/Public Relations and Retail/Manufacturing” industries. The campaign is, according to a report from Proofpoint, finding most of its victims via attacks on Google Chrome and Mozilla Firefox browsers (although infected computers are also targeted). Dubbed Vega Stealer malware, it appears to be a variant of the August Stealer malware discovered (again by Proofpoint) in December 2016.

The main method of the campaign is sending phishing emails to individuals based on a mailing list. The mailing list contains targeted domains like “info@,” “clientservice@”, and “publicaffairs@” in the hopes that specific industry targets, the ones mentioned previously, are reached. The emails themselves contain an attachment with an executable macro that, when enabled, will begin its infection.

Proofpoint describes the process in detail as follows:

The macro retrieves the payload in a two-step process in which junk functions iterate while simultaneously building a string to be executed using a GetObject function. This string is the first request in the two-step process. The first request executed by the document retrieves an obfuscated JScript/PowerShell script. The execution of the resulting PowerShell script creates the second request, which in turn downloads the executable payload of Vega Stealer. The payload is saved to the victim machine in the user’s “Music” directory with a filename of “ljoyoxu.pkzip”. Once this file is downloaded and saved, it is executed automatically via the command line.

By utilizing the tried-and-true method of macro-cloaked malware, the attackers utilizing Vega Stealer malware are almost guaranteeing success. So what exactly does success look like in reference to this particular campaign? Outside of the known industry targets discussed earlier, it is not entirely obvious. There are some hints however as the Vega Stealer malware allows, for instance, attackers to access browser data that includes passwords, credit card data, and cookies.

The data-gathering stage is often the first step of a larger cyberattack, so it would be prudent for IT professionals in marketing, advertising, public relations, retail, and manufacturing to watch their networks closely. I have discussed the issues of macro-based malware attacks and how easy one can fall prey to them. On the flip side, with a little education, these attacks can be mitigated. Vega Stealer is only as strong as IT divisions and individuals allow it to be.

Featured image: Flickr / Christiaan Colen

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

What are the potential disadvantages of SSL/TLS?

There’s wide consensus on the benefits of SSL/TLS. However, not as much attention has been given to SSL/TLS disadvantages.

2 days ago

Exploring native software inventory logging in Windows Server

Windows Server has built-software inventory logging that can be very useful. Here’s how to use this little-known feature.

2 days ago

Passwordless authentication: Safer, better, and about time

Passwordless authentication has quickly become one of the primary means by which users access their laptops, phones, and tablets because…

2 days ago

Automated Incident Response in Office 365 ATP simplifies cybersecurity

Microsoft has pumped up Office 365 Advanced Threat Protection with a new feature, Automated Incident Response. Here’s what you need…

3 days ago

IFA 2019: Smart TVs and even smarter wearables unveiled

What will be in your living room or on your wrist this year? It may very likely be one of…

3 days ago

Consider these SD-WAN technologies for faster, more reliable networking

As virtualization becomes a major part of organizations’ infrastructure, these SD-WAN technologies provide faster and more reliable networking solutions.

3 days ago