If you purchase via links on our site, we may receive affiliate commissions.

Crooks exploit chemical attack fears in Ukraine

Senior Journalist

Updated on: 10 May 2022

Threat actors are playing on fears of conflict escalation in Ukraine by disseminating malware disguised as emails relating to a “chemical attack”, according to the country’s cybercrime watchdog.

The bogus messages contain a link to a document that triggers the JesterStealer malware when clicked upon, said the Computer Emergency Response Team (CERT) of Ukraine. Its investigation found that the infected files had been uploaded from websites that appear to have already been compromised.

“JesterStealer malware provides for the stealing of authentication and other data from internet browsers, VPN clients, cryptocurrency wallets, password managers, messengers, and game programs,” said CERT.

The stolen data is then transferred to a Telegram account belonging to the cybercriminals thought to be behind the attack, at which point the malware deletes itself.

At the time of writing, it is not known if this is the work of a Kremlin-backed or other state actor, or an independent gang simply motivated by greed.

Despite repeated attacks on its TV, radio, internet, and railway infrastructure by Russian cyber-soldiers, Ukraine has recently said it believes that the Kremlin’s cyberwar efforts have reached their limit, as it continues to thwart its foe in the technological arena.