Attacks using a more potent and covert iteration of the Strela Stealer email credential stealer have been deployed in Central and Southwestern Europe, particularly Germany and Spain, as part of a new attack campaign, reports Cybernews.
Malicious emails purporting to be invoices and carrying ZIP attachments have been delivered to facilitate the execution of a DLL retrieved over WebDAV, which loads the updated Strela Stealer variant. The variant pilfers and exfiltrates Outlook and Thunderbird credentials, as well as system information, only after verifying that devices are located in Germany or Spain, according to an analysis from Cyble Research and Intelligence Labs.

"The recent iterations of the Strela Stealer campaign reveal a notable advancement in malware delivery techniques, highlighting increased sophistication and stealth. By employing spear-phishing emails that contain ZIP file attachments, the malware successfully circumvents conventional security defenses," said researchers, who urged the strengthening of phishing education efforts for employees, WebDAV server access controls, and endpoint security solutions.