Security researchers from Palo Alto Networks have identified a new wave of phishing attacks that distribute the info-stealer malware StrelaStealer. The attacks affect more than 100 organisations in the EU and the US.

Attackers send spam emails with attachments that eventually launch the DLL payload of the StrelaStealer malware.

In an attempt to avoid detection, the attackers change the file format of the attachment from one campaign to the next.

The StrelaStealer info-stealer malware was first disclosed in November 2022 and is designed to collect login data and send it to a server controlled by the attackers.

Since then, two large-scale campaigns distributing the malware have been detected (in November 2023 and January 2024). The attacks target different sectors in the EU and the US: technology, finance, legal services, construction, government, energy and insurance.

These attacks aim to deliver a new variant of the StrelaStealer malware that includes improved obfuscation and anti-analysis techniques. It spreads through invoice-themed emails with ZIP attachments.

In the ZIP files there is a JavaScript file that installs a batch file. This starts the stealer DLL payload, using rundll32.exe.
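A mail-gateway style check for the attachment pattern described above, as an added example that is not code from Palo Alto Networks or from the original article. The extension list, function names and sample file names are assumptions of this example, and the list goes beyond `.js` because the attachment format changes between campaigns.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types Windows runs on double-click. The list is an assumption of this
# example; it is broader than .js because the lure format changes per campaign.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs", ".vbe", ".bat", ".cmd"}


def script_members(zip_bytes: bytes) -> list[str]:
    """Return the archive members whose final extension is a script type."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Some archivers store Windows separators; keep only the file name.
            leaf = PurePosixPath(info.filename.replace("\\", "/")).name
            # Windows ignores trailing dots and spaces, so "a.js." still runs.
            leaf = leaf.rstrip(". ").lower()
            if PurePosixPath(leaf).suffix in SCRIPT_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def verdict(zip_bytes: bytes) -> str:
    """'quarantine' if a script is inside, 'review' if unreadable, else 'deliver'."""
    try:
        return "quarantine" if script_members(zip_bytes) else "deliver"
    except zipfile.BadZipFile:
        return "review"  # a malformed archive should not pass silently


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP; used only to construct the sample attachments."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buffer.getvalue()


# Constructed samples (harmless placeholder contents, hypothetical file names).
LURE = build_zip({"Invoice_2024-01.pdf.js": b"// placeholder"})
BENIGN = build_zip({"Invoice_2024-01.pdf": b"%PDF-1.4 placeholder"})

if __name__ == "__main__":
    for label, sample in (("lure", LURE), ("benign", BENIGN), ("broken", b"PK")):
        print(label, verdict(sample))
```

The check looks only at member names, so it complements rather than replaces content scanning of the attachment.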

The StrelaStealer info-stealer malware relies on various obfuscation tricks to make it difficult to analyze in sandbox environments.

What are the best methods of protection against info-stealer malware?

The first and most important method of protection is awareness and education. Users need to be aware of the techniques that attackers use to spread malware so that they can recognise and avoid them.

Installing reliable security software is another basic method of protection against info-stealer malware such as StrelaStealer. This software should include antivirus, anti-spyware and anti-malware functions, as well as protection against phishing.

It is also important to keep the operating system and all applications up to date. Updates include security fixes that can protect your computer from the latest threats.

Using strong passwords and changing them regularly can protect your data from theft. Also, using a password manager can help manage and secure passwords.

Finally, careful handling of emails and their attachments is vital. Never open attachments or click on links from unknown sources because they may contain malware (e.g. StrelaStealer malware).


