Advisory ID: NCC-CSIRT-1114-054
Summary: Cybersecurity analysts at DCSO CyTec discovered a new variant of the StrelaStealer malware. The malware has been aggressively collecting email account credentials from Outlook and Thunderbird, two popular email clients.
Vulnerable Platform(s): Email
Threat Type: Malware
Description: The analysts report that StrelaStealer infects victims' systems through email attachments, currently ISO files with a variety of contents (an ISO file is an archive file that contains an identical copy, or image, of the data found on an optical disc such as a CD or DVD). Following execution, the malware searches the appropriate directories for account and password databases and takes their data to transfer to a command-and-control server. Finally, StrelaStealer checks for a specified response confirming that the command-and-control server has received the data, and then terminates. Otherwise, it restarts this data-theft procedure after a one-second sleep period.
Consequences: Access to email account login information
Impact: High
Probability: High
Solution:
- Use a robust malware protection mechanism
- Use a combination of personal awareness and well-designed protective tools to make your email client as secure as possible.
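As an added example (not code from the advisory or from the DCSO CyTec analysis), a mail-gateway check that flags the delivery vector described above: it inspects each attachment for the ISO 9660 "CD001" signature instead of trusting the filename or MIME type, so a renamed image is still caught. The sample message is constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

# ISO 9660 images carry the "CD001" signature at byte offset 0x8001
# (one byte into the primary volume descriptor, which starts in sector 16).
ISO_SIGNATURE_OFFSET = 0x8001
ISO_SIGNATURE = b"CD001"
ISO_MIME_TYPE = "application/x-iso9660-image"


def is_iso_image(data: bytes) -> bool:
    """Content-based check: True if the bytes look like an ISO 9660 image."""
    end = ISO_SIGNATURE_OFFSET + len(ISO_SIGNATURE)
    return len(data) >= end and data[ISO_SIGNATURE_OFFSET:end] == ISO_SIGNATURE


def find_iso_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every attachment that is, or claims to be, an ISO image."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if is_iso_image(payload):
            findings.append((name, "iso9660 signature"))          # content says ISO, whatever the name
        elif name.lower().endswith(".iso") or part.get_content_type() == ISO_MIME_TYPE:
            findings.append((name, "iso extension or mime type"))  # declared ISO, signature absent/truncated
    return findings


def build_sample_message() -> bytes:
    """Constructed test message (not a real sample): a minimal ISO-like blob renamed to hide its type."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    fake_iso = bytes(ISO_SIGNATURE_OFFSET) + ISO_SIGNATURE + bytes(2048)
    msg.add_attachment(fake_iso, maintype="application", subtype="octet-stream", filename="invoice.img")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in find_iso_attachments(build_sample_message()):
        print(f"flagged attachment {filename!r}: {reason}")
```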
References
- https://www.bleepingcomputer.com/news/security/new-strelastealer-malware-steals-your-outlook-thunderbird-accounts/
- https://www.hkcert.org/security-news?item_per_page=10&year%5B%5D=2022&month%5B%5D=11
- https://medium.com/@DCSO_CyTec/shortandmalicious-strelastealer-aims-for-mail-credentials-a4c3e78c8abc