Weekly Email Security News Recap #2 [November 2022]

November continues to bring new email security breaches, hacking, and cybersecurity news headlines. Let’s uncover the latest stories.

The Cloud9 botnet has resurfaced, hitting users across the globe. The remote access trojan (RAT) lives in the browser: it arrives as a malicious extension disguised as a legitimate one and, once installed, can do everything from stealing cookies and session data and launching password attacks to turning the victim's browser into a crypto miner and a DDoS bot.

It's not the only cybercrime concern. Security researchers warn of "massive phishing campaigns" pushing five different malware families at Indian bank customers.

In November’s second recap of email security breach stories and cybersecurity news, we look at the U.S. DoJ’s second-largest-ever crypto seizure and new information-stealing malware targeting users of two popular email clients.


New StrelaStealer Malware Steals Outlook and Thunderbird Credentials

Two widely used email clients, Outlook and Thunderbird, have recently been targeted by a new information-stealing malware named ‘StrelaStealer’.

The malware is actively stealing email account credentials, and its narrow focus sets it apart from most info-stealers.

Info-stealers generally try to harvest data from a wide range of sources, such as:

  • Cryptocurrency wallet apps
  • Browsers
  • Cloud gaming apps 
  • Clipboard data

Analysts at DCSO CyTec discovered the malware in early November this year, in a campaign targeting Spanish-speaking users.

StrelaStealer reaches the victim's system as an email attachment, currently an ISO file whose contents vary between campaigns. The ISO wrapper matters: files inside a mounted disk image have historically not carried the Mark-of-the-Web, so the usual "downloaded from the internet" warnings never appear when the victim opens them.

In one variant, the ISO carries a polyglot, a single file that is valid in two or more formats: here a file that is both an HTML document and a DLL. Opened in a browser it renders a lure document (a fake invoice); run through rundll32, it executes the stealer. Another variant ships a legitimate, renamed Windows executable alongside a malicious DLL that it side-loads. Once running, the stealer harvests mail login data from Outlook and Thunderbird: for Thunderbird it reads logins.json and key4.db from the profile directory; for Outlook it reads the IMAP user, server and password values stored under the profile's registry keys and decrypts the password with the Windows DPAPI.

DCSO's investigation is ongoing, so whether the malware is part of a targeted campaign remains unknown.
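The polyglot trick above is easy to check for at the mail gateway, because a file that is simultaneously an HTML document and a DLL still has to start with a valid MZ/PE header while also containing HTML tags somewhere in the body. The following is an added example of that check, written for this recap and not code from the page, from DCSO CyTec or from any StrelaStealer sample. The "polyglot" it builds for itself is a constructed stand-in with only the header fields the checks read, not a real or executable DLL; the function names (is_pe, is_dll, has_html, classify, triage_attachment) are this example's own.

```python
"""Triage email attachments for disk images and PE/HTML polyglots.

Added example, not code from the page or from DCSO CyTec. The sample
bytes produced by build_sample_polyglot() are constructed for illustration
and are not a real malware sample.
"""
import re
import struct

# Tags that only make sense in an HTML document; \b avoids matching "<htmlx".
HTML_MARKERS = re.compile(rb"<\s*(html|body|script|iframe|meta)\b", re.IGNORECASE)
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_dll(data: bytes) -> bool:
    """True if the PE's COFF Characteristics field has IMAGE_FILE_DLL set."""
    if not is_pe(data):
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # The 20-byte COFF header follows the 4-byte signature; Characteristics is its last field.
    characteristics = struct.unpack_from("<H", data, e_lfanew + 4 + 18)[0]
    return bool(characteristics & IMAGE_FILE_DLL)


def has_html(data: bytes) -> bool:
    """True if the bytes contain an HTML tag anywhere (browsers tolerate a binary prefix)."""
    return HTML_MARKERS.search(data) is not None


def is_iso(data: bytes) -> bool:
    """True if the ISO 9660 'CD001' identifier sits at the primary volume descriptor."""
    return data[0x8001:0x8006] == b"CD001"


def classify(data: bytes) -> str:
    """Label content by format: pe-html-polyglot, pe, html or other."""
    pe, html = is_pe(data), has_html(data)
    if pe and html:
        return "pe-html-polyglot"
    if pe:
        return "pe"
    if html:
        return "html"
    return "other"


def triage_attachment(name: str, data: bytes) -> list[str]:
    """Return the reasons an attachment deserves quarantine (empty list = nothing found)."""
    reasons = []
    if name.lower().endswith((".iso", ".img")) or is_iso(data):
        reasons.append("disk-image attachment")
    kind = classify(data)
    if kind == "pe-html-polyglot":
        reasons.append("PE/HTML polyglot" + (" (DLL)" if is_dll(data) else ""))
    elif kind == "pe":
        reasons.append("PE executable")
    return reasons


def build_sample_polyglot() -> bytes:
    """Constructed stand-in for a DLL/HTML polyglot: minimal MZ/PE/COFF headers
    followed by an HTML lure. It is not executable; it only carries the fields
    the checks above read."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", header, 0x3C, 0x40)      # e_lfanew -> PE signature at 0x40
    # Machine=i386, 1 section, no symbols, optional header size 0xE0,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    lure = b"\n<html><body><h1>Factura</h1><p>Su factura adjunta.</p></body></html>\n"
    return bytes(header) + b"PE\x00\x00" + coff + lure


if __name__ == "__main__":
    sample = build_sample_polyglot()
    print("Factura.html ->", triage_attachment("Factura.html", sample))
    print("notes.txt    ->", triage_attachment("notes.txt", b"plain text"))
```

The content checks deliberately ignore the file extension for the polyglot case, since the lure in such campaigns is named as a document (.html) rather than as a DLL; the extension is only consulted for the disk-image rule, where the ISO signature check covers renamed images as well.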


DoJ Discovers $3.36 Billion Loot, Hidden for a Decade

On November 7th, the U.S. Department of Justice announced its second-largest financial seizure ever.

Over a decade ago, in September 2012, James Zhong obtained 50,676 BTC from the illegal dark web marketplace Silk Road by rapidly firing withdrawal requests from several accounts to trick the marketplace's withdrawal-processing system into paying out far more than he had deposited.

During a search of Zhong's property last year, investigators recovered Bitcoin worth over $3.36 billion at the time, along with other assets.

Zhong pleaded guilty to one count of wire fraud, which the DoJ announced on Monday, November 7th, 2022. He is due to be sentenced in February 2023 and faces up to 20 years in prison.

During the raid in Gainesville, Georgia last year, Internal Revenue Service agents found 50,491 BTC hidden in an underground floor safe and on a single-board computer tucked under blankets in a popcorn tin stored in a bathroom closet.

On James Zhong’s property, there was also:

  • Over 11 additional BTC
  • $661,000 in cash
  • Rare Casascius coins, physical bitcoins with the keys embedded, worth about 174 BTC
  • Some metal bars (possibly silver and gold)

In its press release, the Department of Justice stated that Zhong has been cooperating with law enforcement since March 2022 and has voluntarily surrendered a further 1,004 BTC so far.

The DoJ said that Zhong invested the stolen funds in businesses and real estate, created a company, and displayed his lavish lifestyle on social media.

For ten years, the disappearance of roughly 50,000 BTC puzzled law enforcement; in the end, cryptocurrency tracing and investigative work by IRS Criminal Investigation agents located the funds.


Final Thoughts

That’s all for this week’s email security news and cybersecurity news recap. As you can see, cybercriminals aren’t slowing down. Quite the opposite. From looted crypto and powerful botnets to sophisticated info-stealing malware, malicious actors are doubling their efforts to exploit vulnerable systems. Don’t let the bad guys win. Protect your email domain and reputation the easy way—with EasyDMARC.
