Ukraine's Computer Emergency Response Team (CERT-UA) has warned of a massive malicious campaign distributing the Jester Stealer malware via phishing emails purporting to contain information about a “chemical attack.”
The phishing emails contain XLS documents laced with malicious macros, which, when opened, download and execute an EXE file. This executable then fetches the payload, Jester Stealer, from compromised websites rather than from attacker-controlled infrastructure.
Jester Stealer is information-stealing malware that can collect credentials and other valuable data from Internet browsers, mail/FTP/VPN clients, crypto wallets, messengers, etc. The gathered data is then sent to an attacker-controlled Telegram channel via Tor network servers. The malware doesn’t have a persistence mechanism and deletes itself after finishing its tasks.
CERT-UA is tracking this campaign as UAC-0104.
Since the start of Russia’s invasion, Ukraine has been the target of hundreds of cyberattacks. In April, the State Service of Special Communication and Information Protection of Ukraine said that since February 24 Ukraine has faced 362 cyberattacks, which is almost three times as many hacking attempts against the country’s systems as before the war. According to Microsoft, Russian state-backed hackers carried out more than 237 operations against Ukraine, including destructive attacks that are ongoing and threaten civilian welfare.
Cybersecurity Help statement on the critical situation in Ukraine
On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Glory to Ukraine!