Security News > 2024 > March > Over 100 US and EU orgs targeted in StrelaStealer malware attacks
A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials.
StrelaStealer was first documented in November 2022 as a new information-stealing malware that steals email account credentials from Outlook and Thunderbird.
One notable characteristic of the malware was using a polyglot file infection method to evade detection from security software.
The malware operators used English and other European languages to adjust their attacks as needed.
StrelaStealer's original infection mechanisms from late 2022 have evolved, though the malware still uses malicious emails as the primary infection vector.
Exe again to deploy the StrelaStealer payload. Additionally, the newest version of the malware employs control flow obfuscation in its packing to complicate analysis and removes PDB strings to evade detection by tools relying on static signatures.
News URL
Related news
- New RomCom malware variant 'SnipBot' spotted in data theft attacks (source)
- Healthcare attacks spread beyond US – just ask India's Star Health (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)