Crooks exploit chemical attack fears in Ukraine

Threat actors are playing on fears of conflict escalation in Ukraine by disseminating malware disguised as emails relating to a “chemical attack”, according to the country’s cybercrime watchdog.
The bogus messages contain a link to a document that triggers the JesterStealer malware when clicked upon, said the Computer Emergency Response Team (CERT) of Ukraine. Its investigation found that the infected files had been uploaded from websites that appear to have already been compromised.
“JesterStealer malware provides for the stealing of authentication and other data from internet browsers, VPN clients, cryptocurrency wallets, password managers, messengers, and game programs,” said CERT.
The stolen data is then transferred to a Telegram account belonging to the cybercriminals thought to be behind the attack, at which point the malware deletes itself.
At the time of writing, it is not known if this is the work of a Kremlin-backed or other state actor, or an independent gang simply motivated by greed.
Despite repeated attacks on its TV, radio, internet, and railway infrastructure by Russian cyber-soldiers, Ukraine has recently said it believes that the Kremlin’s cyberwar efforts have reached their limit, as it continues to thwart its foe in the technological arena.
More from Cybernews:
Ukraine accuses Russian hackers of tampering with civilian rescue operations
Russian passport details exposed by database leak
Ukraine accuses Russia of disabling the internet in Kherson and Zaporizhzhia
Ukraine left reeling by 'zombie' cyberattacks
West lists Russia-affiliated hackers, warns of attack on critical infrastructure
Subscribe to our newsletter
Your email address will not be published. Required fields are marked