Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers


Many internet users today store financial and personal data in their browser so that it auto-populates whenever they encounter a form. That way, they save the time they would otherwise spend typing their information into a website to make a purchase or take another action online. It’s convenient and easy, but also a security risk. This is especially the case given the emergence of Vega Stealer, a malware strain that aims to capitalize on that very shortcut and is designed to harvest saved financial data from Google Chrome and Firefox browsers.

Vega Stealer spreads across the web through a common cybercriminal tactic – phishing emails. Once it arrives via these nasty notes, Vega swoops personal information that has been saved in Google Chrome, including passwords, saved credit cards, profiles, and cookies. Mind you, Firefox also has a target on its back, as the malware harvests specific files that store various passwords and keys when Firefox is in use. But Vega Stealer doesn’t stop there: it also takes a screenshot of the infected machine and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf.
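A detection heuristic for the behaviour described above, added here as an example (it is not McAfee's code and is not taken from the malware): it flags a non-browser process that reads browser credential stores and also sweeps several of the listed document types. The store file names, browser process names, threshold and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions the article says Vega Stealer scans for.
DOC_EXTS = {".doc", ".docx", ".txt", ".rtf", ".xls", ".xlsx", ".pdf"}
# Assumption: usual on-disk names of Chrome/Firefox stores for logins, autofill, cookies.
BROWSER_STORES = {"login data", "web data", "cookies",
                  "key4.db", "logins.json", "cookies.sqlite"}
# Assumption: the only processes expected to open those stores.
BROWSERS = {"chrome.exe", "firefox.exe"}

def suspicious_processes(events, min_doc_types=3):
    """events: (process_name, path_read) pairs from file-access telemetry.
    Flags a non-browser process that read a browser store AND read at least
    min_doc_types distinct document extensions (the sweep described above)."""
    stores, doc_types = defaultdict(set), defaultdict(set)
    for proc, path in events:
        proc, p = proc.lower(), PureWindowsPath(path)
        if p.name.lower() in BROWSER_STORES:
            if proc not in BROWSERS:
                stores[proc].add(p.name)
        elif p.suffix.lower() in DOC_EXTS:
            doc_types[proc].add(p.suffix.lower())
    return {proc: {"stores": sorted(names), "doc_types": sorted(doc_types[proc])}
            for proc, names in stores.items()
            if len(doc_types[proc]) >= min_doc_types}

U = r"C:\Users\alice"  # constructed sample telemetry, not real logs
SAMPLE_EVENTS = [
    ("chrome.exe", U + r"\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("WINWORD.EXE", U + r"\Documents\report.docx"),
    ("invoice_viewer.exe", U + r"\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("invoice_viewer.exe", U + r"\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"),
    ("invoice_viewer.exe", U + r"\Documents\report.docx"),
    ("invoice_viewer.exe", U + r"\Documents\budget.xlsx"),
    ("invoice_viewer.exe", U + r"\Desktop\notes.txt"),
    ("backup.exe", U + r"\Documents\budget.xlsx"),  # documents only: not flagged
    ("cookie_sync.exe", U + r"\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\cookies.sqlite"),
]

if __name__ == "__main__":
    for proc, hit in suspicious_processes(SAMPLE_EVENTS).items():
        print(proc, hit)
```

Requiring both signals keeps backup tools (documents only) and a process that touches a single browser file out of the results.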

As of now, it has not been determined who exactly is behind these browser attacks (though the strain seems to be related to the August Stealer malware), but we do know one thing for sure: Vega is quite the thief. The good news is – there are many ways you can protect yourself from the nasty malware strain. Start by following these tips:

  • Change your passwords. With Vega Stealer eager for credentials, the first thing you should do is change your existing login information for any accounts you access using Chrome or Firefox. And, of course, make sure your new passwords are strong and complex.
  • Be on the lookout for phishing scams. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Stop Autofill on Chrome. This malware is counting on the fact that you store financial data within your browser. To stop it in its tracks, head to your Google Chrome account and go to settings. Scroll down to “Passwords and Forms,” go to “Autofill Settings,” and make sure you remove all personal and financial information from your Google Chrome Autofill. Though this means you’ll have to type out this information each time you want to make a purchase, your personal data will be better protected because of it.
  • Stay protected while you browse. With Vega Stealer attacking both Chrome and Firefox browsers, it’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices

2 comments on “Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers”

  • A screenshot? That seems odd! Is that for real?

    And what do you mean it scans for certain documents? Does it upload their contents too?

    • Yep! It takes a screenshot, saves it as a .png file, and sends that screenshot (and the docs it finds, to answer your other question) to the Command and Control server it answers to.

