Vega Stealer Malware Takes Aim at Chrome, Firefox
A malware dubbed Vega Stealer has been uncovered, looking to make off with saved credentials and credit-card information in the Chrome and Firefox browsers. While it’s a simple payload for now, researchers said it has the ability to evolve into something more concerning in the future.
Proofpoint, which was first to observe the bad code making the rounds in the cyber-firmament, said the malware is a variant of August Stealer. It has a subset of the parent malware’s functionality as well as additional features.
In addition to stealing browser data, Vega shares August’s ability to exfiltrate Word, Excel, PDF and text files from an infected machine (Proofpoint pointed out, however, that in August this is not hard-coded in the malware but is configurable in the C&C panel). Also, the Chrome-stealing functionality in Vega is a subset of the August code; August also stole from other browsers and applications, such as Skype and Opera.
Vega’s new functionality includes a new network communication protocol and expanded Firefox-stealing functionality.