March 25, 2024 at 12:11PM
The StrelaStealer malware has impacted over 100 organizations in the U.S. and Europe, targeting email account credentials. Originally targeting Spanish-speaking users, it now targets U.S. and European individuals. Its distribution through phishing campaigns has substantially increased, with evolved infection methods. The malware’s primary goal remains stealing email login information and users are advised to be cautious of unsolicited emails.
Key Takeaways from Meeting Notes:
1. A large-scale StrelaStealer malware campaign has targeted over 100 organizations in the US and Europe to steal email account credentials, impacting various sectors such as high tech, finance, legal services, manufacturing, government, utilities and energy, insurance, and construction.
2. The malware was initially seen targeting Spanish-speaking users but has since shifted its focus to people in the US and Europe.
3. StrelaStealer is distributed through phishing campaigns, which have seen a significant increase in volume since November 2023, including a spike in attacks in 2024.
4. The malware’s infection mechanisms have evolved, with the latest version employing ZIP attachments to drop JScript files on victims’ systems.
5. StrelaStealer now utilizes control flow obfuscation in its packing to complicate analysis and removes PDB strings to evade detection by tools relying on static signatures.
6. The primary function of StrelaStealer remains the same: to steal email login information from popular email clients and send it to the attackers’ command and control server.
Recommendation: Users should exercise caution when receiving unsolicited emails, particularly those related to payments or invoices, and refrain from downloading attachments from unknown senders.