Danger for Outlook and Thunderbird users: new malware targets access

Victims are usually lured into downloading manipulated ISO files. In one case, the ISO contained “msinfo32.exe”, through which the “StrelaStealer” malware is then downloaded. Once executed, StrelaStealer searches specifically for access data.

For Thunderbird, the malware looks for logins.json and key4.db under %APPDATA%\Thunderbird\Profiles\. The content is then sent to the attackers.

For Outlook, the malware searches for the IMAP user, IMAP server and IMAP password under the registry key HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\. The password is decrypted with CryptUnprotectData before this data is also sent to the attackers.
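A defender-side check for the accesses described above, as an added example that is not from the original article: it flags any process other than the mail client itself touching the Thunderbird credential files or the Outlook profile key. The event schema (`image`, `type`, `object`), the allow-list and the sample events are constructed assumptions.

```python
import re

# Credential stores named in the article. The profile directory name under
# Profiles\ varies per installation, so it is matched with a wildcard.
THUNDERBIRD_FILES = re.compile(
    r"\\AppData\\Roaming\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    re.IGNORECASE,
)
OUTLOOK_KEY = re.compile(
    r"\\SOFTWARE\\Microsoft\\Office\\16\.0\\Outlook\\Profiles\\Outlook"
    r"\\9375CFF0413111d3B88A00104B2A6676(\\|$)",
    re.IGNORECASE,
)
# Assumption: processes expected to touch each store; tune per environment.
EXPECTED = {"thunderbird": {"thunderbird.exe"}, "outlook": {"outlook.exe"}}


def classify(event):
    """Return 'thunderbird', 'outlook' or None for one access event."""
    path = event["object"]
    if event["type"] == "file" and THUNDERBIRD_FILES.search(path):
        return "thunderbird"
    if event["type"] == "registry" and OUTLOOK_KEY.search(path):
        return "outlook"
    return None


def suspicious_accesses(events):
    """Return (store, image, object) for unexpected processes touching a store."""
    hits = []
    for ev in events:
        store = classify(ev)
        if store is None:
            continue
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if image not in EXPECTED[store]:
            hits.append((store, ev["image"], ev["object"]))
    return hits


# Constructed sample events in a hypothetical normalized schema, not real logs.
TB = r"C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\abcd1234.default"
KEY = r"HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe", "type": "file", "object": TB + r"\logins.json"},
    {"image": r"E:\msinfo32.exe", "type": "file", "object": TB + r"\key4.db"},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "type": "registry", "object": KEY},
    {"image": r"E:\msinfo32.exe", "type": "registry", "object": KEY + r"\00000002"},
    {"image": r"C:\Windows\notepad.exe", "type": "file", "object": r"C:\Users\alice\notes.txt"},
]
```

The allow-list compares only the executable's file name, which a renamed binary can satisfy; in production, compare the full image path or the code-signing identity instead.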

Users can protect themselves by generally being cautious. Do not open attachments in e-mails from unknown senders and do not run suspicious programs under any circumstances.
