10 May 2022

Ukraine warns of a phishing campaign delivering JesterStealer malware

Ukraine's Computer Emergency Response Team (CERT-UA) has warned of a massive malicious campaign distributing the Jester Stealer malware via phishing emails purporting to contain information about a “chemical attack.”

The phishing emails contain XLS documents laced with malicious macros which, when opened, download and execute an EXE file. This executable then fetches the payload, Jester Stealer, from compromised websites rather than from attacker-controlled infrastructure.

Jester Stealer is an information stealing malware able to collect credentials and other valuable data from Internet browsers, MAIL/FTP/VPN clients, crypto wallets, messengers, etc. The gathered data is then sent to an attacker-controlled Telegram channel via Tor network servers. The malware doesn’t have a persistence mechanism and deletes itself after finishing the tasks.
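The chain described above (an Office macro spawning an executable that then reaches out to fetch and exfiltrate) is something endpoint telemetry can surface. The following detection sketch is an added example, not code from CERT-UA or this article; it runs over constructed, simplified process and network log lines (all host names and paths are made up) and flags any executable launched by an Office application that subsequently makes outbound connections.

```python
import re
from collections import defaultdict

# Office applications whose executable children are suspicious when
# followed by network activity (macro-launched downloader pattern).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Constructed sample telemetry (not from the advisory): simplified
# key=value lines resembling endpoint process-creation and network events.
SAMPLE_LOG = """\
process pid=4120 parent=EXCEL.EXE image=C:\\Users\\u\\AppData\\Local\\Temp\\chem_report.exe
network pid=4120 dest=compromised-site.example:443
process pid=5200 parent=explorer.exe image=C:\\Program Files\\Vendor\\app.exe
network pid=5200 dest=update.vendor.example:443
network pid=4120 dest=tor-relay.example:9001
"""

PROC_RE = re.compile(r"^process pid=(\d+) parent=(\S+) image=(.+)$")
NET_RE = re.compile(r"^network pid=(\d+) dest=(\S+)$")


def find_office_spawned_downloaders(log_text):
    """Return one alert per Office-spawned .exe that later connected out.

    Each alert is a dict with the pid, the child image path and the list
    of destinations it contacted, in log order.
    """
    suspicious = {}            # pid -> image of an Office-spawned executable
    dests = defaultdict(list)  # pid -> destinations contacted afterwards
    for raw in log_text.splitlines():
        m = PROC_RE.match(raw)
        if m:
            pid, parent, image = int(m.group(1)), m.group(2).lower(), m.group(3)
            if parent in OFFICE_PARENTS and image.lower().endswith(".exe"):
                suspicious[pid] = image
            continue
        m = NET_RE.match(raw)
        if m and int(m.group(1)) in suspicious:
            dests[int(m.group(1))].append(m.group(2))
    return [{"pid": pid, "image": image, "dests": dests[pid]}
            for pid, image in suspicious.items() if dests[pid]]


if __name__ == "__main__":
    for alert in find_office_spawned_downloaders(SAMPLE_LOG):
        print(f"ALERT pid={alert['pid']} image={alert['image']} -> {alert['dests']}")
```

Only the process launched by Excel is reported; the unrelated application started from Explorer is ignored even though it also made a connection.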

CERT-UA is tracking this campaign as UAC-0104.

Since the start of Russia's invasion, Ukraine has been the target of hundreds of cyberattacks. In April, the State Service of Special Communication and Information Protection of Ukraine said that since February 24 Ukraine has faced 362 cyberattacks, almost three times as many hacking attempts against the country's systems as before the war. According to Microsoft, Russian state-backed hackers have carried out more than 237 operations against Ukraine, including destructive attacks that are ongoing and threaten civilian welfare.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren't worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!
