Beware: A New Phishing Scam Targets Over 100 Organizations in the US and Europe

In recent news, cybersecurity experts have uncovered a new series of phishing attacks spreading across the United States and Europe. This scam, known as StrelaStealer, is putting more than 100 organizations at risk. Researchers from Palo Alto Networks Unit 42 shared insights about these attacks, which cleverly disguise themselves as harmless emails. But don't be fooled—these emails come with dangerous attachments designed to steal information.

StrelaStealer isn't new; it was first noticed back in November 2022. What's worrying is that it's becoming smarter and more elusive. The scam targets various sectors, including technology, finance, government, and more, aiming to steal email login details and send them back to the hackers.

The technique of these cybercriminals is always evolving. They've moved from using one type of file attachment to another, making it harder for security systems to catch them. Recently, they've been sending emails that look like invoices with ZIP file attachments. Inside these ZIP files is a sneaky JavaScript file that starts the attack.

What makes StrelaStealer even more dangerous is its ability to hide its tracks, making it difficult for experts to study and understand it. The hackers are continually updating their methods, keeping security experts on their toes.

This isn't the only scam out there. Symantec, a part of Broadcom, has found fake software installers on popular platforms like GitHub, Mega, or Dropbox that also install malicious software. Other scams use malware like Revenge RAT and Remcos RAT, delivered through services that help hide malicious software.

One particularly cunning scam involves fake obituary notices. These are designed to appear in search results, leading unsuspecting people to websites that either redirect them to other sites or trick them into clicking ads or false virus alerts. These scams are not just annoying—they can be a front for more dangerous attacks, including stealing personal information.

The rise of these phishing campaigns shows that even those with basic hacking skills can cause significant harm by using available tools and services. It's a reminder of the constant need for vigilance in the digital world and the importance of keeping our information safe from these ever-evolving cyber threats.