Home » Technology » Malware Steals Microsoft Outlook And Thunderbird Email Accounts

Malware Steals Microsoft Outlook And Thunderbird Email Accounts


Security researchers have discovered a new malware that steals Outlook and Thunderbird email account credentials. The malware known as “StrelaStealer” has been active for a short time and little is known about its distribution.

This emerges from a report by Bleeping Computer . The new malware was detected in Spain, where it is currently active and is being spread via phishing emails.

Security researchers from DCSO_CyTec discovered the malware a few days ago. “StrelaStealer” is on the hunt for access data from Outlook and Thunderbird, two widely used e-mail clients. The malware is actively looking for the access data specifically for these two email clients.

This behavior differs from that of most information thieves who try to steal data from various data sources including browsers, cryptocurrency wallet apps, cloud gaming apps, the clipboard, etc., the new threat report states.

DLL order hijacking

StrelaStealer reaches the victim’s system via email attachments. ISO files are often lured into downloading. After the user tries to open the attachment, the malware is reloaded via DLL order hijacking.

Once the malware is loaded into memory, the default browser will open to display the decoy from the phishing email, making the attack less suspicious. However, when running, StrelaStealer already searches the “%APPDATA%\Thunderbird\Profiles\” directory for “logins.json” (account and password) and “key4.db” (password database) and filters their content on the hacker’s server. The search for Outlook accounts is similar.

Attachments Could Be Dangerous

Those affected usually don’t even notice the attack – and if they do, it’s already too late and the strangers have access to sensitive data. In order not to fall into the trap, we can only recommend never loading attachments without a preliminary check and always keeping anti-virus protection software up to date.