This latest variant of the malware can steal user credentials from a wide variety of popular programs. The applications highlighted include Google Chrome, Chromium-based browsers such as Microsoft Edge, Outlook, Discord, and NordVPN.
Cisco Talos explained what happens once credentials are stolen: “Once the credentials are retrieved by target applications, they are sent to the exfiltration server with a filename that includes the username, two-letter country ID, unique computer ID, and time stamp for when the file was created.
“Uploaded credential files begin with information about the user and the infected system, the configuration options and processes that were run, followed by the credentials retrieved, delimited by lines of target application names.”
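The description above gives a defender something concrete to hunt for: outbound uploads whose filenames carry a username, a two-letter country code, a machine identifier and a creation timestamp. The following Python snippet is an added example, not code from the article or from Cisco Talos, that triages constructed proxy log lines for that pattern. The exact field order and underscore delimiter, the hexadecimal machine ID, the `YYYYMMDDTHHMMSS` timestamp format, the `SAMPLE_LOG` lines and the 203.0.113.x destination are all assumptions for illustration; the article only names the fields, so the regular expression would need to be tuned to the samples seen in a real investigation.

```python
import re
from datetime import datetime
from typing import Optional

# Assumed filename layout (the article only lists the fields, not their order
# or separator): <username>_<2-letter country>_<unique computer ID>_<YYYYMMDDTHHMMSS>[.ext]
FILENAME_RE = re.compile(
    r"^(?P<user>[A-Za-z0-9.\-]+)_"
    r"(?P<country>[A-Z]{2})_"
    r"(?P<machine>[0-9A-Fa-f]{8,})_"
    r"(?P<ts>\d{8}T\d{6})"
    r"(?:\.[A-Za-z0-9]+)?$"
)


def parse_upload_name(name: str) -> Optional[dict]:
    """Return the parsed fields if `name` follows the assumed stealer layout, else None.

    A name that is structurally right but carries an impossible timestamp is
    rejected too, so a coincidental match on ordinary files is less likely.
    """
    m = FILENAME_RE.match(name)
    if not m:
        return None
    fields = m.groupdict()
    try:
        fields["created"] = datetime.strptime(fields["ts"], "%Y%m%dT%H%M%S")
    except ValueError:
        return None  # e.g. month 13: looks structured, but not a real date
    return fields


# Constructed proxy log lines (not real telemetry), one upload per line:
# <time> <source host> <method> <destination> <uploaded filename>
SAMPLE_LOG = """\
2024-03-05T14:22:15Z ws-0142 POST 203.0.113.45 jdoe_IT_3F9A1C2B7D4E_20240305T142211.txt
2024-03-05T14:23:01Z ws-0142 GET  cdn.example.net logo.png
2024-03-05T14:25:40Z ws-0207 POST files.example.com quarterly_report.xlsx
2024-03-05T14:26:09Z ws-0311 POST 203.0.113.45 mrossi_ES_A1B2C3D4E5F6_20240305T142602.txt
2024-03-05T14:27:33Z ws-0098 POST 203.0.113.45 bob_DE_0011223344_20241399T000000.txt
"""


def flag_suspicious_uploads(log_text: str) -> list:
    """Return one record per outbound upload whose filename matches the pattern."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed or unrelated line
        when, src, method, dest, filename = parts
        if method not in ("POST", "PUT"):
            continue  # only outbound uploads are of interest here
        fields = parse_upload_name(filename)
        if fields is None:
            continue
        hits.append({"time": when, "src": src, "dest": dest, **fields})
    return hits


if __name__ == "__main__":
    for h in flag_suspicious_uploads(SAMPLE_LOG):
        print(f"{h['time']} {h['src']} -> {h['dest']}: "
              f"user={h['user']} country={h['country']} machine={h['machine']}")
```

Run against the constructed log, the helper flags the two uploads from `ws-0142` and `ws-0311` and ignores the image fetch, the spreadsheet and the line with the impossible timestamp. In practice the flagged source hosts and the shared destination would be pivots for further investigation rather than a verdict on their own.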
So far, this malware campaign has not reached the UK or the US; it has targeted regions such as Italy, Turkey and Spain. Emails observed by Cisco Talos indicate that the attackers are pursuing specific business goals.