Cybersecurity analysts at DCSO CyTec have discovered a new variant of StrelaStealer Malware, prompting the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) to urge users to deploy a combination of measures to protect themselves.
The StrelaStealer Malware has been aggressively collecting email account credentials from all versions of two popular email clients, Outlook and Thunderbird.
The DCSO CyTe analyst reported that “The StrelaStealer malware infects victims’ systems through email attachments, currently ISO files with a variety of contents (ISO files are archive files that contain an identical copy or image of data found on an optical disc, like a CD or DVD).
“Following the execution, the malware searches the appropriate directory for account and password databases and takes their data to transfer to a command-and-control server.
“Finally, the StrelaStealer checks for a specified response, confirms that the command-and-control server has received the data, and then terminates. Otherwise, it restarts this data-theft procedure after a one-second sleep period,” the cybersecurity analysts explained.
The malware is rated high in probability and impact.
NCC-CSIRT said the solution to the StrelaStealer Malware is to use robust malware protection mechanisms and to use a combination of personal awareness and well-designed protective tools to make one’s email client as secure as possible.
The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.
The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.