The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack:
According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. “Attackers used compromised email accounts to launch the email campaign,” Microsoft said in a series of tweets last night. “The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware.” First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.
If you get an email with a PDF that you didn’t expect, delete it. It’s a safe bet that antivirus definitions will be updated to stop this malware from attacking you. But you should be on your toes anyway.
Like this:
Like Loading...
Related
This entry was posted on May 20, 2021 at 12:20 pm and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Microsoft Warns of Malware Campaign Spreading a Remote Access Trojan Masquerading As Ransomware
The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack:
According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. “Attackers used compromised email accounts to launch the email campaign,” Microsoft said in a series of tweets last night. “The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware.” First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.
If you get an email with a PDF that you didn’t expect, delete it. It’s a safe bet that antivirus definitions will be updated to stop this malware from attacking you. But you should be on your toes anyway.
Share this:
Like this:
Related
This entry was posted on May 20, 2021 at 12:20 pm and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.