Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


New Info-stealer ‘Vega Stealer’ Uncovered


A malicious program which has been named Vega Stealer is making the rounds seeking for stealing credit card data and saved credentials within the Web-browsers Firefox and Chrome. Whilst the payload isn't currently too dangerous, researchers have warned about its capability for evolving into an increasingly worrying threat later.


Security Company Proofpoint that first detected Vega Stealer stated that the malicious program was August Stealer in a new version with some functionality components of the original malicious threat, along with more features.


The August Stealer sample filches information by swiping payments card data and sensitive credentials stored inside Firefox and Chrome. The info stealer as well grabs files from the contaminated PCs, reports Proofpoint researchers.


When spotted for the first time, Vega Stealer was spreading through an e-mail campaign of low volume, during early May, with captions such as "Our company need online store from a scratch," and "item return." The campaign targeted specific groups of people or individuals while the phishing electronic mail carried one file having malicious macros which the victimized user was made to enable. Scmagazine.com posted this on the Web dated May 11, 2018.


The most recent functionalities of Vega are widened stealing ability in Firefox and a fresh protocol of network communication. It has been found that when victims enable the malicious macros, Vega's payload gets restored through dual phases. First the file works out a request which restores a hidden PowerShell or JavaScript. Thereafter another request gets created that pulls down the payload into the music folders of the victimized end-user. Following these, the malware starts running automatically. For extracting data from the host PC, Vega hunts out and shoves onto its C&C server files having extensions .txt, .docx, .doc, .pdf, .xlsx, .xls and .rtf.


The computer language used for writing Vega Stealer is .NET. The strain is devoid of obfuscation or packing techniques for, it is quite stripped down. According to Proofpoint, even as Vega might be an extraordinary variation of August that is specific to the aforementioned phishing attack, there were signs of it being utilized increasingly widely during the forthcoming period.

» SPAMfighter News - 5/22/2018

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page