Recently, Proofpoint observed a campaign targeting Marketing/Advertising/Public Relations and Retail/Manufacturing industries with a new malware called Vega Stealer. The malware contains stealing functionality targeting saved credentials and credit cards in the Chrome and Firefox browsers, as well as stealing sensitive documents from infected computers. Vega is a variant of August Stealer with only a subset of its functionality as well as several important new features.
Vega Stealer keeps on working, and takes a screenshot of the infected PC and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf for exfiltration.
Proofpoint is urging users to be on the lookout for suspicious emails that may suddenly pop up in their inbox.
Vega Stealer communicates with a hardcoded C&C server using the HTTP protocol.
The best way to protect yourself from malware etc is by approaching all attachments with caution. If you don’t know where it came from, it’s better to ignore it.
Domains And IP’s To Block
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.