Microsoft Warns of Malware Campaign Spreading a Remote Access Trojan Masquerading As Ransomware

The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack:

According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. “Attackers used compromised email accounts to launch the email campaign,” Microsoft said in a series of tweets last night. “The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware.” First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.

If you get an email with a PDF that you didn’t expect, delete it. It’s a safe bet that antivirus definitions will be updated to stop this malware from attacking you. But you should be on your toes anyway.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: