CERT-UA, a Ukrainian government emergency response team under the State Customs Service of Ukraine, revealed a mass distribution of "chemical attack" emails. The e-mails contain a link to an XLS-document with a macro, the opening of which will result in the computer being infected by the malicious program JesterStealer. CERT-UA specialists note that files are downloaded from compromised web resources. The JesterStealer program steals authentication and other data from Internet browsers, MAIL/FTP/VPN-clients, cryptocurrency wallets, password managers, messengers and game programs. Stolen data is sent to attacker in Telegram. After stopping the program is deleted.