Ukraine is being hit by a widespread phishing campaign that distributes the Jester Stealer information-stealing malware, according to The Hacker News.
The Computer Emergency Response Team of Ukraine reported that threat actors have been sending phishing emails with the subject line "chemical attack."
Recipients opening the link within the email will be redirected to a macro-enabled Microsoft Excel document, which would then trigger infection with Jester Stealer, which has the capability to exfiltrate login credentials, credit card data, and other sensitive information.
"The hackers get the stolen data via Telegram using statically configured proxy addresses (e.g., within TOR). They also use anti-analysis techniques (anti-VM/debug/sandbox). The malware has no persistence mechanism it is deleted as soon as its operation is completed," said CERT-UA.
CERT-UA also noted that the Jester Stealer malware in the new campaign steals data through the HTTP protocol.
"Stolen authentication data will be sent to a web resource, deployed on the Pipedream platform, through the HTTP POST requests," it added.