StrelaStealer hits energy, manufacturing, and government agencies

Complex obfuscation techniques significantly complicate the detection of malware.

A new report by Unit 42, the research arm of Palo Alto Networks, describes a newly identified wave of phishing attacks spreading the StrelaStealer malware. The campaign has affected more than 100 organizations in the European Union and the United States.

The attacks arrive as spam messages with attachments that ultimately execute the StrelaStealer DLL payload. To evade detection, the attackers periodically change the file format of the attachment used in the initial email.

StrelaStealer, first observed in November 2022, is designed to steal email account credentials from popular email clients and exfiltrate them to a server controlled by the attackers.

Since the malware first appeared, researchers have recorded two large-scale campaigns using it: one in November 2023 and another in January 2024. Both campaigns targeted the technology, finance, professional and legal services, manufacturing, energy, insurance, construction, and government sectors.

In the latest iteration, the attackers used invoice-themed emails with ZIP archive attachments. Inside was a JavaScript file that ran a batch file, which in turn loaded the malicious DLL through the legitimate Windows utility rundll32.exe. StrelaStealer is reported to use a range of obfuscation techniques that hinder analysis in sandboxed environments.
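As an added illustration (not part of the Unit 42 report or of this post), the delivery chain described above can be turned into a simple hunt over process-creation telemetry: flag any rundll32.exe that loads a DLL from outside the Windows directory and has a script host (wscript.exe or cscript.exe) among its recent ancestors. The event schema, field names and sample events below are constructed for the example and are not real telemetry from the campaign; the example also assumes the .js attachment is executed by the default Windows Script Host (wscript.exe) and that the batch file runs under cmd.exe.

```python
"""Hunt for a JScript -> batch -> rundll32 delivery chain in process-creation events.

Example code written for this post; the event format is a constructed,
Sysmon-like subset (pid, parent pid, image name, command line).
"""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable basename, lowercase
    cmdline: str

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SYSTEM_DIRS = ("c:\\windows\\",)

# First argument to rundll32: an optionally quoted path, terminated by the
# "DLL,Export" comma or by end of line.
DLL_ARG = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*(?:,|$)', re.IGNORECASE)

def dll_path(cmdline):
    """Return the DLL path passed to rundll32, or None if it cannot be parsed."""
    m = DLL_ARG.search(cmdline)
    return m.group(1).strip() if m else None

def outside_system_dirs(path):
    """True when the DLL is not loaded from the Windows directory tree.
    Bare names (e.g. shell32.dll) are not resolved here and count as outside."""
    p = path.lower()
    return not any(p.startswith(d) for d in SYSTEM_DIRS)

def lineage(by_pid, pid, max_depth=4):
    """Walk the parent chain from pid upwards, child first."""
    chain, e = [], by_pid.get(pid)
    while e is not None and len(chain) < max_depth:
        chain.append(e.image)
        e = by_pid.get(e.ppid)
    return chain

def find_rundll32_chains(events, max_depth=4):
    """Return findings for rundll32 processes that (a) load a non-system DLL
    and (b) descend from a script host within max_depth generations."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if e.image != "rundll32.exe":
            continue
        path = dll_path(e.cmdline)
        if path is None or not outside_system_dirs(path):
            continue
        chain = lineage(by_pid, e.pid, max_depth)
        if SCRIPT_HOSTS & set(chain[1:]):
            findings.append({
                "pid": e.pid,
                "dll": path,
                "lineage": " -> ".join(reversed(chain)),
            })
    return findings

# Constructed sample telemetry: one chain matching the post, two benign look-alikes.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    # user opens the .js extracted from the invoice ZIP; it drops and runs a .bat
    ProcEvent(200, 100, "wscript.exe",
              r'wscript.exe "C:\Users\bob\AppData\Local\Temp\Temp1_invoice.zip\invoice_2024.js"'),
    ProcEvent(300, 200, "cmd.exe", r'cmd.exe /c "C:\Users\bob\AppData\Local\Temp\inv.bat"'),
    ProcEvent(400, 300, "rundll32.exe", r'rundll32.exe C:\Users\bob\AppData\Local\Temp\inv.dll,Entry'),
    # benign: a logon script that drives a control-panel applet from System32
    ProcEvent(500, 100, "wscript.exe", r'wscript.exe \\corp\netlogon\logon.vbs'),
    ProcEvent(600, 500, "cmd.exe", "cmd.exe /c setup.bat"),
    ProcEvent(700, 600, "rundll32.exe", r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL'),
    # benign: non-system DLL, but no script host in the ancestry
    ProcEvent(800, 100, "rundll32.exe", r'rundll32.exe "C:\Program Files\Vendor\helper.dll",Init'),
]

if __name__ == "__main__":
    for finding in find_rundll32_chains(SAMPLE_EVENTS):
        print(finding)
```

Only the chain rooted in the invoice script is reported; the logon script is ignored because its DLL lives under C:\Windows, and the vendor helper is ignored because no script host appears in its ancestry. In a real deployment the same two conditions map directly onto a process-creation rule in most EDR or SIEM query languages, with the parent-chain depth tuned to how the telemetry records ancestry.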

This campaign is a reminder of the need for continuous security awareness and appropriate protective controls to keep sensitive data and critical systems safe from threats such as StrelaStealer.