The Microsoft security team has published details about a malware campaign that is currently spreading STRRAT, a remote access trojan that steals data from infected systems while masquerading as a ransomware attack:
According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. “Attackers used compromised email accounts to launch the email campaign,” Microsoft said in a series of tweets last night. “The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware.” First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.
If you get an email with a PDF that you didn’t expect, delete it. It’s a safe bet that antivirus definitions will be updated to stop this malware from attacking you. But you should be on your toes anyway.