
New Phishing Attacks Target Organizations with StrelaStealer Malware

In a report published today, researchers have uncovered a new wave of phishing attacks spreading an ever-evolving information stealer called StrelaStealer. According to the report, these campaigns have impacted over one hundred organizations in the E.U. and the U.S. They are delivered as spam emails with attachments that eventually launch StrelaStealer's DLL payload.

To avoid detection, attackers change the initial email attachment file format from one campaign to the next, making it difficult for security software to identify and block the . Since its first appearance in November 2022, StrelaStealer has been used in two large-scale campaigns, one in November 2023 and another in January 2024, targeting a variety of sectors, including high tech, finance, professional and legal, manufacturing, , energy, insurance, and construction, in the E.U. and the U.S.

The report also notes that the attacks aim to deliver a new variant of the stealer that includes better obfuscation and anti-analysis techniques. The variant is being propagated via invoice-themed emails bearing ZIP attachments, marking a shift from ISO files. Within the ZIP archives is a JavaScript file that drops a batch file, which, in turn, launches the stealer DLL payload using rundll32.exe, a legitimate Windows component responsible for running 32-bit dynamic-link libraries. The stealer also relies on a bag of obfuscation tricks to render analysis difficult in sandboxed environments.
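The launch chain above (JavaScript file, dropped batch file, rundll32.exe loading the DLL) leaves a recognisable parent/child pattern in process-creation telemetry. The following is an added defender-side example, not code from the report or its authors: it walks constructed, Sysmon-like process events (field names and sample paths are assumed) and flags rundll32.exe instances that were spawned by cmd.exe under a script host and point at a DLL outside the Windows directory.

```python
"""Flag a script-host -> cmd.exe -> rundll32.exe chain loading a non-system DLL.

Events are constructed sample records for illustration; the field layout
(pid, ppid, image, cmdline) is an assumption, not a real sensor schema.
"""
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample events: one StrelaStealer-style chain (pids 200-400)
# and one benign rundll32.exe launched from explorer.exe (pid 500).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\u\AppData\Local\Temp\invoice_2024.js"'),
    ProcEvent(300, 200, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "C:\Users\u\AppData\Local\Temp\run.bat"'),
    ProcEvent(400, 300, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Users\u\AppData\Local\Temp\payload.dll,Entry"),
    ProcEvent(500, 100, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def ancestors(ev: ProcEvent, by_pid: dict) -> list:
    """Return parent, grandparent, ... image basenames, nearest first."""
    chain, cur = [], ev
    while cur.ppid in by_pid:
        cur = by_pid[cur.ppid]
        chain.append(basename(cur.image))
    return chain


def find_suspicious_rundll32(events: list) -> list:
    """Return pids of rundll32.exe processes matching the chain above."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if basename(ev.image) != "rundll32.exe":
            continue
        parts = ev.cmdline.split(None, 1)
        dll_path = parts[1].split(",")[0].strip('"') if len(parts) > 1 else ""
        chain = ancestors(ev, by_pid)
        # Parent is cmd.exe, grandparent is a script host, DLL is not under \Windows\
        if (len(chain) >= 2 and chain[0] == "cmd.exe" and chain[1] in SCRIPT_HOSTS
                and "\\windows\\" not in dll_path.lower()):
            hits.append(ev.pid)
    return hits
```

Running `find_suspicious_rundll32(SAMPLE_EVENTS)` flags only pid 400; the benign shell32.dll launch is ignored because it has neither the script-host ancestry nor a user-writable DLL path.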

The researchers further revealed that threat actors update the email attachment and the DLL payload with each new wave of email campaigns, making it even more challenging for security software to detect and prevent these attacks.

The report also highlights that fake installers for well-known applications or cracked software hosted on , Mega, or Dropbox are being used as a conduit for a stealer known as Stealc. Additionally, phishing campaigns have been observed delivering Revenge RAT and Remcos RAT, with the latter delivered via a cryptors-as-a-service () called AceCryptor, as per ESET.

The report also warns that even unskilled threat actors can leverage -as-a-service () schemes to conduct successful attacks at scale and take sensitive information, which can be monetized further for profit. Despite their mediocre technical skills, these threat actors can achieve their goals using just two tools: legitimate remote access services and inexpensive .

As these attacks become more sophisticated, it's important to stay vigilant and take appropriate measures to protect your organization's sensitive information. It's crucial to ensure that all employees are aware of the risks associated with phishing attacks and that they remain cautious when opening emails from unknown sources or clicking on links or attachments in emails. Additionally, implementing security software and keeping it up to date is essential to prevent attacks like these from infiltrating your network.
