New StrelaStealer malware steals your Outlook, Thunderbird accounts (November 2022)
A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients.
StrelaStealer arrives on the victim's system via email attachments, currently ISO files with varying content.
In a more interesting case seen by the analysts, the ISO contains an LNK file and an HTML file.
The x.html file is of particular interest because it is a polyglot file, which is a file that can be treated as different file formats depending on the application that opens it.
In this case, x.html is both an HTML file and a DLL program that can load the StrelaStealer malware or display a decoy document in the default web browser.
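A defender-side check for the polyglot described above, as an added example that is not from the original article: it flags a file that parses as a PE image (reading the DLL flag from the COFF header) while also carrying HTML markup or an .html extension. The function names, the marker list and the embedded sample bytes are constructed for illustration.

```python
import struct

# Assumed marker list for "looks like HTML"; tune for your own mail/web gateway.
HTML_MARKERS = (b"<html", b"<!doctype html", b"<script", b"<body")
IMAGE_FILE_DLL = 0x2000  # Characteristics bit in the COFF file header


def parse_pe(data):
    """Return {'is_dll': bool} if data starts with a valid PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The PE signature (4 bytes) and COFF header (20 bytes) must fit in the file.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return {"is_dll": bool(characteristics & IMAGE_FILE_DLL)}


def classify(name, data):
    """Label a file by what its bytes are, not by what its name claims."""
    pe = parse_pe(data)
    has_html = any(marker in data.lower() for marker in HTML_MARKERS)
    web_ext = name.lower().endswith((".html", ".htm"))
    if pe and has_html:
        return "polyglot-pe-html"        # valid PE that also carries HTML markup
    if pe and web_ext:
        return "pe-with-html-extension"  # executable hiding behind a web extension
    if pe:
        return "pe"
    return "html" if has_html else "other"


def build_sample_polyglot():
    """Constructed, non-functional sample: bare MZ/PE headers followed by HTML."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, IMAGE_FILE_DLL | 0x0002)
    return bytes(dos) + b"PE\0\0" + coff + b"<html><body>decoy</body></html>"


if __name__ == "__main__":
    print(classify("x.html", build_sample_polyglot()))
```

A legitimate PE can contain HTML strings in its resources, so the strongest signal is the combination of a valid PE header with a web extension or a delivery path (such as an ISO attachment) where executables are not expected.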
For Outlook, StrelaStealer reads the Windows Registry to retrieve the software's key and then locates the 'IMAP User', 'IMAP Server', and 'IMAP Password' values.