More than 100 organizations in the U.S. and Europe have been subjected to a far-reaching StrelaStealer malware attack campaign aimed at exfiltrating email account credentials that peaked from late January to early February, BleepingComputer reports.
Organizations in the high tech sector were most targeted by the intrusions, followed by those in the finance, professional and legal services, manufacturing, and state and local government industries, according to a report from Palo Alto Networks Unit 42.
Attacks in the campaign delivered phishing emails with ZIP attachments containing JScript files; when a recipient runs the script, it executes a DLL and delivers the StrelaStealer payload. This is a change from the earlier tactic, in which the malware was executed from phishing emails carrying .ISO files.
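As an added illustration of the delivery chain described above (this is example code written for this page, not code from the article or from Unit 42), the following Python scans a ZIP attachment for Windows Script Host files and, for each one found, checks its body for strings a DLL-dropping loader script would typically contain. The extension list, the indicator patterns, the `scan_zip_attachment` helper and the sample archive are all this example's own assumptions, and the sample script is constructed and inert.

```python
import io
import re
import zipfile

# Extensions that Windows Script Host or mshta will run on double-click.
# Assumption for this example, not a list taken from the Unit 42 report.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}

# Generic strings a script that drops and launches a DLL would typically contain.
# Also an assumption for illustration; these are not StrelaStealer signatures.
LOADER_INDICATORS = {
    "wscript_shell": re.compile(r"WScript\.Shell", re.I),
    "activex": re.compile(r"ActiveXObject", re.I),
    "rundll32": re.compile(r"rundll32(\.exe)?", re.I),
    "regsvr32": re.compile(r"regsvr32(\.exe)?", re.I),
    "base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}


def member_extension(name):
    """Return the final extension of an archive member, so that a double
    extension such as Invoice.pdf.js is classified by its real suffix."""
    base = name.rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[-1] if "." in base else ""


def scan_zip_attachment(data):
    """Return one finding per script member in the ZIP: its name, extension
    and the sorted list of loader indicators matched in its body.
    Non-ZIP input yields an empty list rather than an exception."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ext = member_extension(info.filename)
            if ext not in SCRIPT_EXTENSIONS:
                continue
            # Cap what we read so an oversized member cannot exhaust memory.
            body = archive.read(info.filename)[:1_000_000].decode("latin-1", errors="replace")
            indicators = sorted(k for k, rx in LOADER_INDICATORS.items() if rx.search(body))
            findings.append({"member": info.filename, "extension": ext, "indicators": indicators})
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from a {name: bytes} mapping (test fixture helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed, inert sample of the kind of JScript a loader would use:
# resolve a path in %TEMP% and hand a DLL to rundll32 via WScript.Shell.
SAMPLE_SCRIPT = b"""// constructed sample for this example, not real malware
var sh = new ActiveXObject("WScript.Shell");
var tmp = sh.ExpandEnvironmentStrings("%TEMP%") + "\\\\doc.dll";
sh.Run("rundll32.exe " + tmp + ",entry", 0, false);
"""


if __name__ == "__main__":
    sample = build_sample_zip({"Invoice_0412.pdf.js": SAMPLE_SCRIPT, "readme.txt": b"see attached"})
    for finding in scan_zip_attachment(sample):
        print(finding)
```

A mail gateway would normally quarantine on any script member at all; the indicator list only helps an analyst prioritise which quarantined attachments to look at first. The decision is made on the member's final extension because lure names such as `Invoice.pdf.js` are designed to hide it.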
While StrelaStealer's primary function remains the theft of email credentials, the malware has been updated to better evade detection through control-flow obfuscation and the removal of PDB strings, the researchers said. Stripping the PDB path removes a debug artifact that analysts commonly use to link samples from the same build environment.