Vega Stealer

What is Vega Stealer?

Vega Stealer is a malicious, stealthy infection created to steal sensitive information. According to our research team, August Stealer is its progenitor, and August is known to cast a much wider net when it comes to personal data: it can steal arbitrary files and record information from a variety of applications. The threat discussed in this report works on a smaller scale, and it appears to target mainly the Google Chrome and Mozilla Firefox web browsers.

Could this infection grow and become far more powerful in the future? Of course it could; however, that is not the case at this point, so we review what we see. If the infection evolves and gains new features, our research team will update you as soon as possible. Right now, we need to talk about removing Vega Stealer. First and foremost, this infection is largely fileless: it operates from the computer's memory and leaves few traces on disk. That is why deleting it is not a simple task.

How does Vega Stealer work?

Vega Stealer is a variant of the even more malicious August Stealer. According to malware researchers, the newer threat has only a portion of August's functionality, along with a few new features. Why would a creator build a threat that appears weaker? No one knows whether the two were created by the same actor. Most likely, unconnected parties are responsible, because the code of this malware is for sale to anyone willing to pay. Based on the latest information, it appears to sell for just $100, which is not a lot considering how much cyber criminals can gain from it. Both August and Vega are built to steal information, and that information can be extremely valuable.

August Stealer was found to be capable of stealing cryptocurrency wallets, which can be turned into profit almost instantly. Victims who do not delete Vega Stealer could also suffer financial loss, because this infection can harvest credit card data saved in the Chrome or Firefox web browser. It can also harvest saved usernames and passwords, as well as information stored in web cookies. On Firefox, for example, such information lives in the key3.db, key4.db, and logins.json files of the browser profile. The threat can also exfiltrate files stored on the Desktop: DOC, PDF, TXT, RTF, and XLS files are uploaded to a remote C&C server, where the criminals can review them for anything useful.
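For incident scoping, the useful question is not only whether logins.json was taken but what it contained and whether the stealer can actually decrypt it. The following is an added example (not code from the original article or from the malware) that parses a constructed logins.json sample to list which sites have saved credentials, and encodes the dependency between logins.json and the key database. The sample JSON, the hostnames and the timestamps are all made up for this example; the field names follow the logins.json layout shipped by Firefox.

```python
import json
from datetime import datetime, timezone
from typing import Dict, Iterable, List

# Constructed sample of a Firefox logins.json (hand-written for this example;
# the encrypted fields are dummy base64 and decode to nothing meaningful).
SAMPLE_LOGINS_JSON = """{
  "nextId": 3,
  "logins": [
    {"id": 1, "hostname": "https://mail.example.com", "httpRealm": null,
     "formSubmitURL": "https://mail.example.com",
     "usernameField": "user", "passwordField": "pass",
     "encryptedUsername": "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAAAAAAAAAAABBA=",
     "encryptedPassword": "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAAAAAAAAAAABBA=",
     "guid": "{00000000-0000-0000-0000-000000000001}", "encType": 1,
     "timeCreated": 1525000000000, "timeLastUsed": 1526000000000,
     "timePasswordChanged": 1525000000000, "timesUsed": 12},
    {"id": 2, "hostname": "https://shop.example.net", "httpRealm": null,
     "formSubmitURL": "https://shop.example.net/login",
     "usernameField": "email", "passwordField": "pw",
     "encryptedUsername": "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAAAAAAAAAAABBA=",
     "encryptedPassword": "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAAAAAAAAAAABBA=",
     "guid": "{00000000-0000-0000-0000-000000000002}", "encType": 1,
     "timeCreated": 1520000000000, "timeLastUsed": 1525500000000,
     "timePasswordChanged": 1520000000000, "timesUsed": 3}
  ],
  "potentiallyVulnerablePasswords": [],
  "dismissedBreachAlertsByLoginGUID": {},
  "version": 3
}"""


def exposed_accounts(logins_json_text: str) -> List[Dict[str, object]]:
    """One record per saved login: the site, the username field name and the
    last time the entry was used. Timestamps in logins.json are milliseconds
    since the Unix epoch. This is the list of accounts whose passwords must be
    rotated if the profile was exfiltrated."""
    data = json.loads(logins_json_text)
    records = []
    for login in data.get("logins", []):
        last_used = datetime.fromtimestamp(login["timeLastUsed"] / 1000, tz=timezone.utc)
        records.append({
            "hostname": login["hostname"],
            "username_field": login.get("usernameField", ""),
            "last_used": last_used.strftime("%Y-%m-%d"),
            "times_used": login.get("timesUsed", 0),
        })
    records.sort(key=lambda r: str(r["hostname"]))
    return records


def credentials_recoverable(profile_files: Iterable[str]) -> bool:
    """logins.json on its own yields only hostnames: the username and password
    fields are encrypted with a key kept in key4.db (key3.db on older
    profiles). A stealer that took logins.json together with either key
    database can decrypt every entry offline, unless the profile is protected
    by a master password."""
    names = {f.lower() for f in profile_files}
    return "logins.json" in names and bool(names & {"key4.db", "key3.db"})


if __name__ == "__main__":
    for rec in exposed_accounts(SAMPLE_LOGINS_JSON):
        print(f"{rec['hostname']:30} last used {rec['last_used']} ({rec['times_used']} uses)")
    print("passwords recoverable from the stolen set:",
          credentials_recoverable(["logins.json", "key4.db", "cert9.db"]))
```

Run it against a real profile by reading logins.json from the profile directory and passing the directory listing to credentials_recoverable; the point of the second function is that key3.db/key4.db leaving the machine is what turns a list of sites into a list of working passwords.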

Of course, before it can start stealing data and transferring files to a remote server, Vega Stealer has to find its way into the operating system. Just like its predecessor, this malware uses spam emails to gain access to vulnerable systems. According to our research team, spam with a malicious file attachment is not distributed randomly. Instead, it is sent to specific companies in marketing, e-commerce, retail, advertising and similar sectors. The emails are crafted to look legitimate, with sender addresses and subject lines (e.g., “Item return”) meant to raise no suspicion. Along with the misleading message comes a booby-trapped Word document (.doc); when it is opened, the victim is asked to enable macros. If they do, they unknowingly let the infection in, and they are unlikely to delete Vega Stealer in time.

The macro runs a PowerShell script, which then downloads Vega Stealer. In one example, the payload was saved to the user's Music directory as a file named “ljoyoxu.pkzip”. If such a file exists, remove it immediately and treat the machine as compromised.
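The chain described above (Word document, macro, PowerShell, payload written under Music) is what a detection rule should key on, because the file name can change between samples while the parent-child relationship and the drop location are harder to vary. The following is an added example, not code from the original article, that runs three such rules over a constructed stream of Sysmon-style events (event ID 1 = process creation, ID 11 = file creation). The paths, user name and command lines are invented for the example; only the file name ljoyoxu.pkzip and the Music directory come from the text.

```python
import ntpath
import re
from typing import Dict, List

# Constructed event stream in a Sysmon-like shape, hand-written for this
# example and not captured from a real infection. The encoded command in the
# second event is a placeholder, not the real script.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"id": 1, "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\Item return.doc"'},
    {"id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": r"powershell.exe -NoP -w hidden -enc UABsAGEAYwBlAGgAbwBsAGQAZQByAA=="},
    {"id": 11, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Users\alice\Music\ljoyoxu.pkzip"},
    # Benign activity that must not fire: an admin script and a real archive.
    {"id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"id": 11, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "TargetFilename": r"C:\Users\alice\Music\album.zip"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Rule 2 is deliberately looser than the exact IOC: any .pkzip under \Music\.
MUSIC_PKZIP = re.compile(r"\\Music\\[^\\]+\.pkzip$", re.IGNORECASE)
KNOWN_IOC_FILENAMES = {"ljoyoxu.pkzip"}  # from the sample discussed in the text


def detect(events: List[Dict[str, object]]) -> List[Dict[str, str]]:
    """Apply three behavioural rules and return one alert per (rule, event) hit."""
    alerts: List[Dict[str, str]] = []
    for ev in events:
        if ev["id"] == 1:
            parent = ntpath.basename(str(ev["ParentImage"])).lower()
            child = ntpath.basename(str(ev["Image"])).lower()
            if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
                alerts.append({"rule": "office_spawns_script_host",
                               "detail": f"{parent} -> {child}: {ev['CommandLine']}"})
        elif ev["id"] == 11:
            target = str(ev["TargetFilename"])
            name = ntpath.basename(target).lower()
            if MUSIC_PKZIP.search(target):
                alerts.append({"rule": "pkzip_dropped_in_music",
                               "detail": f"{ntpath.basename(str(ev['Image']))} wrote {target}"})
            if name in KNOWN_IOC_FILENAMES:
                alerts.append({"rule": "known_ioc_filename", "detail": target})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['rule']}] {a['detail']}")
```

The first rule is the one worth deploying broadly: an Office application starting a script host is rarely legitimate in an enterprise and catches the macro stage before anything is written to disk, which matters for a threat that otherwise lives in memory. The second and third rules confirm this particular campaign and will age as the actor renames the dropped file.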

How to remove Vega Stealer

It is essential to look for Vega Stealer-related files, but we cannot guarantee that you will find them. Fileless malware does sometimes touch the disk, but removing it manually can be almost impossible. If deleting Vega Stealer by hand is not an option, reinstalling Windows might be the only solution. Companies that have faced this malware, of course, cannot stop at reinstalling their systems. They also need to take a hard look at their security tools and measures to ensure that similar attacks do not recur, and they need to establish whether any sensitive information was leaked or misused. If customer data was stolen, the affected customers need to be informed about the incident immediately.

