Security researchers have discovered a new strain of malware that can steal passwords and credit card details from Google Chrome.
The malware, dubbed Vega Stealer, was discovered by security firm Proofpoint who say it is being spread via a spam email campaign.
Users are tricked into opening an email that has a subject such as “item return” or “engagement letter”.
The email includes a Microsoft Word document called “brief.doc” that includes malicious macros containing the Vega Stealer malware.
“The document macro utilised in this campaign is a commodity macro that we believe is for sale and used by multiple actors, including the threat actor spreading Emotet banking Trojan, Proofpoint said in a blog post.
Once Vega Stealer has infected a computer it begins stealing passwords and sending them back to a server controlled by the hackers.
It also searches through files and folders for any documents that may contain passwords.
“While Vega Stealer is not the most complex or stealthy malware in circulation today, it demonstrates the flexibility of malware, authors, and actors, to achieve criminal objectives, Proofpoint explained.
“Because the delivery mechanism is similar to more widely distributed and mature threats, Vega Stealer has the potential to evolve into a commonly found stealer.
“Vega Stealer…could have longer lasting impacts if further developed and distributed. Due to the distribution and lineage, this threat may continue to evolve and grow.”
Researchers say the malware is a variant of another strain of malware called August Stealer that was targeting users in December 2016.
August Stealer worked by stealing saved passwords and other sensitive data from Chrome, Firefox and Opera.
The advice to users is to be wary of any suspicious looking email that may suddenly appear in the inbox.