New StrelaStealer Malware Campaign Targeting Organizations' Email Accounts

Risk:
high
Damage:
high
Platform(s):
Web Servers
Advisory ID:
ngCERT-2024-0008
Version:
N/A
CVE:
N/A
Published:
April 5, 2024

Summary


A new StrelaStealer malware campaign has affected numerous organizations, with the most recent cases reported in the United States and Europe. Reports indicate that the campaign is spreading widely, so Nigerian organizations should remain vigilant. The campaign is specifically designed to steal email account credentials. The sectors most heavily targeted include finance, legal services, manufacturing, government agencies, utilities and energy, among others. The potential consequences are severe, ranging from data theft to financial losses and other fraudulent activity, which makes proactive defensive measures critical for keeping such attacks from compromising our critical information infrastructure.

Description & Consequence


The current StrelaStealer infection chain begins with a phishing email carrying a ZIP attachment that contains a JScript file. When the user opens the archive and runs the script, it drops a batch file and a base64-encoded file that decodes into a Dynamic Link Library (DLL); the DLL is then executed via rundll32.exe to deploy the StrelaStealer payload. The packer applies control flow obfuscation to complicate analysis and strips Program Database (PDB) strings to evade tools that rely on static signatures. Once running, StrelaStealer steals email login information from popular email clients and sends it to the attackers' command and control (C2) server. An infection therefore starts when a user opens the malicious attachment (or follows a link that delivers it) in a phishing email; once installed, the malware harvests email credentials, granting the attackers access to the victim's email accounts.

Successful installation of StrelaStealer malware could result in the following:

  1. Theft of victim’s email credentials.
  2. Spear phishing attacks against the victim's contacts.
  3. Fraudulent activities from victim’s accounts.
  4. Exfiltration of sensitive information.
  5. Business email compromise (BEC) attack.
  6. Financial losses. 

Solution


The following mitigation steps are recommended:

  1. Avoid opening suspicious emails, unexpected attachments (in particular ZIP archives containing script files) or insecure links.
  2. Deploy email security solutions that detect and block phishing emails, and block or quarantine archive attachments that contain JScript (.js/.jse) files at the mail gateway.
  3. Enable multi-factor authentication so that a stolen password alone does not grant access to an email account, and reset the passwords of any account suspected to have been compromised.
  4. Back up essential data regularly for speedy recovery in case of a malware attack.
  5. Regularly monitor systems for signs of infection, for example a Windows Script Host process (wscript.exe or cscript.exe) launched from an archive-extraction or temporary folder, followed by rundll32.exe loading a DLL from a user-writable directory.
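The following script is an added example written for this advisory, not code from ngCERT or from any vendor; it turns the infection chain described under "Description & Consequence" and mitigations 2 and 5 above into two concrete checks. triage_zip() inspects a ZIP attachment in memory and reports any JScript members, the kind of check a mail gateway rule would apply. find_strela_chain() walks process-creation events and flags a script host that ran a .js/.jse file and whose descendants include rundll32.exe loading a DLL from a user-writable directory. The event field names (pid, ppid, image, cmdline), the list of user-writable directories, the file and export names in the sample events and the sample events themselves are constructed assumptions for illustration; adapt the field mapping to your EDR or Sysmon export.

```python
import io
import re
import zipfile
from collections import defaultdict

# File extensions the Windows Script Host treats as JScript.
SCRIPT_EXTS = (".js", ".jse")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Directories an unprivileged user can write to (assumed list, not exhaustive).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")

SCRIPT_RE = re.compile(r'\.jse?(?=["\s]|$)')   # .js / .jse at the end of a token
DLL_RE = re.compile(r'[a-z]:\\[^"\s,]+\.dll')  # absolute Windows path to a DLL


def triage_zip(data: bytes) -> list:
    """Return the names of JScript members inside a ZIP attachment.

    Runs entirely in memory; nothing is extracted to disk.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]


def _basename(image: str) -> str:
    return image.lower().rsplit("\\", 1)[-1]


def _user_writable(path: str) -> bool:
    return any(seg in path.lower() for seg in USER_WRITABLE)


def _loads_user_dll(event: dict) -> bool:
    """True if a rundll32.exe command line names a DLL in a user-writable path."""
    if _basename(event["image"]) != "rundll32.exe":
        return False
    return any(_user_writable(p) for p in DLL_RE.findall(event["cmdline"].lower()))


def find_strela_chain(events) -> list:
    """Return (script_host_pid, rundll32_pid) pairs matching the advisory's chain.

    events: dicts with keys pid, ppid, image, cmdline (assumed field names).
    A hit is a script host running a .js/.jse file whose process descendants
    include rundll32.exe loading a DLL from a user-writable directory.
    """
    children = defaultdict(list)
    by_pid = {}
    for e in events:
        by_pid[e["pid"]] = e
        children[e["ppid"]].append(e["pid"])

    hits = []
    for e in events:
        if _basename(e["image"]) not in SCRIPT_HOSTS:
            continue
        if not SCRIPT_RE.search(e["cmdline"].lower()):
            continue
        # Breadth-first walk over the script host's descendants.
        queue = list(children[e["pid"]])
        seen = set()
        while queue:
            pid = queue.pop(0)
            if pid in seen:
                continue
            seen.add(pid)
            if _loads_user_dll(by_pid[pid]):
                hits.append((e["pid"], pid))
            queue.extend(children[pid])
    return hits


def build_sample_zip() -> bytes:
    """Constructed attachment: a lure text file plus a placeholder JScript member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// placeholder, not a real dropper\n")
        zf.writestr("readme.txt", "see attached invoice\n")
    return buf.getvalue()


# Constructed process-creation events modelled on the chain in the advisory:
# Outlook -> Explorer -> wscript.exe (JScript from the ZIP) -> cmd.exe (batch file)
# -> rundll32.exe (decoded DLL), plus one benign rundll32.exe for contrast.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\ada\AppData\Local\Temp\Temp1_invoice.zip\invoice.js"'},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\ada\AppData\Local\Temp\run.bat"'},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'rundll32.exe "C:\Users\ada\AppData\Local\Temp\update.dll",#1'},
    {"pid": 600, "ppid": 200, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    print("JScript in attachment:", triage_zip(build_sample_zip()))
    print("Suspicious chains (script pid, rundll32 pid):", find_strela_chain(SAMPLE_EVENTS))
```

The process check keys on the parent/child relationship rather than on file hashes, so it survives the repacking and PDB stripping the advisory describes; the benign rundll32.exe event that loads shell32.dll from System32 is deliberately included and is not flagged. Treat the output as a triage lead, not a verdict: administrators do run scripts from temporary folders, so confirm a hit by examining the dropped batch file and DLL before acting on it.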
