StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe

Published 25/06/2024 13:07 · Modified 25/06/2024 13:22

Essential information

Tags
2024-06-25 javascript obfuscation stealer strelastealer
Related entities
5 observables, 10 techniques (mitre), 1 malware, 4 others

Description

Recent observations indicate a surge in the spread of StrelaStealer, a credential stealer that specifically targets Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. The campaign is currently confined to Poland, Spain, Italy, and Germany. The malware uses an obfuscated file delivered via email attachments to initiate the attack chain, and evades detection through self-copying and encoding techniques. Once executed, it selectively infects non-Russian systems, steals email account information, and sends it to a remote server.

External references