Threat Actors Are Targeting US Tax Season with New Tactics of Stealerium Infostealer
April 30, 2025, 9:54 p.m.
Description
Cybercriminals are exploiting the US tax season to deploy Stealerium malware, targeting citizens through sophisticated phishing campaigns. The attack utilizes deceptive email attachments with malicious LNK files, leading to the execution of PowerShell scripts and the download of a PyInstaller-packaged executable. This payload injects into mstsc.exe and deploys Stealerium, an information-stealing malware that exfiltrates sensitive data from browsers, cryptocurrency wallets, and popular applications. The malware employs anti-analysis techniques, creates a hidden directory, and registers with a command and control server. It steals credentials from various sources, including browsers, gaming platforms, and messaging apps, while also capturing webcam images and Wi-Fi passwords.
Date
- Created: April 30, 2025, 5:22 p.m.
- Published: April 30, 2025, 5:22 p.m.
- Modified: April 30, 2025, 9:54 p.m.
Attack Patterns
- Stealerium
Additional Information
- Finance
- Government
- United States of America