
Over 100 Organizations in Europe and United States Hit by New StrelaStealer Phishing Attacks

Cybersecurity researchers have discovered a new wave of phishing attacks designed to distribute an information stealer called StrelaStealer.

These attacks have impacted over 100 organizations in the E.U. and the U.S., according to a report by Palo Alto Networks Unit 42 researchers.

The attackers use spam emails with attachments to deliver StrelaStealer's DLL payload, constantly changing the attachment file format to avoid detection.

First identified in November 2022, StrelaStealer can steal email login data from popular email clients and send it to a server controlled by the attackers.

Recent campaigns have targeted various sectors in the E.U. and the U.S., delivering a new variant of the stealer with enhanced obfuscation and anti-analysis techniques.

The stealer is propagated through invoice-themed emails with ZIP attachments containing a JavaScript file that drops a batch file to launch the DLL payload using rundll32.exe.
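For defenders, the delivery chain described above (script file, then batch file, then rundll32.exe) can be hunted as a process-ancestry pattern. The sketch below is an added example, not code from the Unit 42 report; the event fields, paths, file names and export name are constructed, and it assumes the .js attachment runs under Windows Script Host (wscript.exe or cscript.exe).

```python
# Constructed process-creation events (not real telemetry). Paths, file names
# and the export name are made up for illustration.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 210, "ppid": 100, "image": "wscript.exe",
     "cmd": r'wscript.exe "C:\Users\a\Downloads\invoice.js"'},
    {"pid": 220, "ppid": 210, "image": "cmd.exe",
     "cmd": r"cmd.exe /c C:\Users\a\AppData\Local\Temp\run.bat"},
    {"pid": 230, "ppid": 220, "image": "rundll32.exe",
     "cmd": r"rundll32.exe C:\Users\a\AppData\Local\Temp\payload.dll,Entry"},
    # Benign look-alike: rundll32 from an interactive shell, no script host.
    {"pid": 300, "ppid": 100, "image": "cmd.exe", "cmd": "cmd.exe"},
    {"pid": 310, "ppid": 300, "image": "rundll32.exe",
     "cmd": "rundll32.exe shell32.dll,Control_RunDLL"},
]

# Assumption: .js attachments run under Windows Script Host by default.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"cmd.exe"}

def ancestors(pid, by_pid):
    """Yield the process with this pid, then its parent, and so on."""
    seen = set()  # guards against pid reuse creating a loop
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]
        pid = by_pid[pid]["ppid"]

def find_chains(events):
    """Return rundll32 launches whose ancestry is script host -> cmd.exe."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"].lower() != "rundll32.exe":
            continue
        chain = list(ancestors(e["ppid"], by_pid))
        images = [p["image"].lower() for p in chain]
        shell = next((i for i, im in enumerate(images) if im in SHELLS), None)
        if shell is None:
            continue
        host = next((i for i in range(shell + 1, len(images))
                     if images[i] in SCRIPT_HOSTS), None)
        if host is not None:
            path = [p["image"] for p in reversed(chain[:host + 1])] + [e["image"]]
            hits.append({"pid": e["pid"], "chain": " > ".join(path), "cmd": e["cmd"]})
    return hits

if __name__ == "__main__":
    for hit in find_chains(EVENTS):
        print(hit["pid"], hit["chain"], hit["cmd"])
```

Because the attachment format changes between waves, keying on the process ancestry rather than on the file name or extension keeps the rule useful across campaigns.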

These attacks are difficult to analyze in sandboxed environments due to obfuscation techniques employed by the malware.

Threat actors constantly update the email attachments and the DLL payload in each new wave of campaigns.

Meanwhile, Symantec has reported that fake installers for popular applications hosted on platforms like GitHub are distributing a stealer malware known as Stealc.

Phishing campaigns have also been observed delivering Revenge RAT and Remcos RAT, with the latter being distributed through a cryptor-as-a-service called AceCryptor.

In the second half of 2023, Rescoms became the most prevalent malware family packed by AceCryptor, with distribution mainly in Poland and other European countries.

Various malware strains, including SmokeLoader, STOP ransomware, and RanumBot, have been disseminated via AceCryptor and PrivateLoader.

Another social engineering scam targets people searching for information about deceased individuals, leading them to fake obituary notices hosting adware and unwanted programs.

A new activity cluster known as Fluffy Wolf utilizes phishing emails with executable attachments to deliver threats like MetaStealer, Warzone RAT, and XMRig miner.

Threat actors are using legitimate remote access services and inexpensive malware to conduct successful attacks and monetize stolen information.

This highlights the evolving nature of cyber threats and the need for strong cybersecurity measures.


