Vega Stealer

If you are working in a field of marketing, advertising, public relations or retail/manufacturing, you should be aware of a new malicious application that can steal sensitive information from your company’s computers – Vega Stealer. This infection is a new version of August Stealer, and it was detected for the first time at the beginning of May, 2018. Both these information stealers are written in the same programming language .NET and even share similar classes; however, specialists can now say with confidence that August Stealer is slightly more harmful since it can be used to steal more information. Of course, it does not mean that Vega Stealer is a mild infection that cannot cause any problems. We can assure you – it is serious malware that will definitely cause security-related problems. Unfortunately, it takes time for victims to realize that they have encountered Vega Stealer because this threat, just like other hazardous applications, enters computers illegally and works completely in the background. It does not have an interface too, so it is, without a doubt, quite a challenge to detect it without an antimalware scanner. Has it already turned out that Vega Stealer affected your company’s computers? If this is exactly what has happened, the removal of this malicious application is the first thing that needs to be done. Unfortunately, there is a possibility that cyber criminals already have some private information in their hands.

Vega Stealer targets a narrow set of companies, so individual PC owners should not encounter this infection. This info-stealing malware slithers onto computers illegally; however, users contribute to the entrance of this threat themselves in most cases. To be more specific, they open the malicious document (Word Document) and enable Macros as required. As has been observed, these emails have subjects like Online store developer required. In other words, they are disguised as important emails that require immediate attention. During the analysis, specialists made a discovery that these malicious emails were sent to info@, clientservice@, and publicaffairs@ at certain domains. In this case, they contained the brief.doc attachment. The name of the malicious file might change, so it is very important not to open emails sent from unknown senders, especially if they have the .doc filename extension appended, in order not to encounter new malware.

As you already know, Vega Stealer has been developed by cyber criminals to steal information from companies. Even though it is considered less harmful if compared to its predecessor August Stealer, it might still cause a ton of problems since it steals saved information from Mozilla Firefox and Google Chrome browsers. To be more specific, it can get passwords, saved credit card details, including card number, expiration date, and cardholder, profiles information, and, finally, cookies. It steals all those details from Google Chrome. As for Mozilla Firefox, it searches for key3.db, key4.db, logins.json, and cookies.sqlite files in the \\Mozilla\\Firefox\\Profiles folder. These files should store passwords and keys, according to the official Mozilla Firefox documentation. What is more, Vega Stealer might also check .doc, .docx, .rtf, .xls, .xlsx, and .pdf documents on the affected computer. If any valuable information is found, it will be sent to the Command and Control (C&C) server.

Vega Stealer and its predecessor August Stealer are not the only malicious applications that steal information from victims’ computers. No doubt similar threats can be purchased in underground hacker forums. Because of this, all computers containing valuable private information should have a security application enabled on them. In addition, companies should educate their employees how to recognize malicious emails in order to prevent the entrance of new harmful malware in the future.

It should be possible to delete Vega Stealer from affected computers manually. Victims need to delete malicious files linked to this infection from Desktop, Downloads, and Temp folders. Also, they need to take care of the malicious .doc file that has dropped Vega Stealer. Without a doubt, the automatic malware removal method is several times easier if compared to the manual one. In this case, users simply need to perform an in-depth scan with a reputable antimalware scanner to clean their systems.

Vega Stealer removal guide

1. Access Windows Explorer (Win+E).
2. Check %USERPROFILE%\Downloads, %USERPROFILE%\Desktop, and %TEMP% directories on your computer.
3. Delete all suspicious files, including the malicious .doc file opened.
4. Empty Trash.