StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe

Released on 2024-06-25 @ 01:07:46 PM

Recent observations indicate a surge in JavaScript files distributing StrelaStealer, a credential stealer that specifically targets Outlook and Thunderbird email credentials. The infection chain resembles previous versions, but additional checks have been added to avoid compromising systems in Russia. The campaign is currently confined to Poland, Spain, Italy, and Germany. The attack chain starts with an obfuscated JavaScript file delivered as an email attachment, which evades detection through self-copying and encoding techniques. Once executed, the malware infects only non-Russian systems and steals email account information, which it sends to a remote server.