While Windows 10 is often in the limelight as the target of the latest malware or ransomware, it certainly isn’t for a lack of effort on the part of Microsoft.
Microsoft’s Security Intelligence team was the latest to uncover a serious threat. StrRAT is a Java-based remote access trojan (that’s what the RAT stands for) delivered through email attachments posing as PDFs; once running it can steal passwords and browser credentials (via BGR).
The campaign starts from compromised email accounts, which lend the messages a legitimate-looking sender. The emails use payment-themed subject lines and carry what appears to be an attached PDF; the body asks the recipient to check or verify the information in it, which is the lure to get the attachment opened.
Unlike attacks that trigger as soon as a message is previewed, this one requires the user to actually open the attachment; merely opening the email is not enough. Once the fake PDF is clicked, StrRAT is downloaded and installed with no further interaction from the user, after which it steals passwords and browser credentials, logs keystrokes, and gives the attacker remote control of the system.
The latest version of the Java-based STRRAT malware (1.5) was seen being distributed in a massive email campaign last week. This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them. pic.twitter.com/mGow2sJupN (May 19, 2021)
One unusual detail is that the malware mimics ransomware: it appends the .crimson extension to file names, but it does not actually encrypt the contents. In practice that means the data is still intact, and a file opens again once the added extension is removed; a file that still fails to open after renaming should be treated as possibly touched by something else. Whether StrRAT will evolve to encrypt files isn’t yet clear, but for now it stops at the rename.
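Because the rename-only behaviour is easy to mistake for real ransomware, a responder wants a check before bulk-renaming files. The script below is an added example written for this article, not code from the article, from Microsoft, or from any StrRAT analysis. It assumes only what the article states (the malware appends .crimson and leaves contents untouched): for every *.crimson file it looks for a recognisable file header and measures byte entropy, strips the suffix only from files judged renamed-only, and flags near-random files without a known header as possibly encrypted. The magic-byte table, the 7.5 bits-per-byte threshold and the sample files built by demo() are constructed for illustration.

```python
"""Triage files that StrRAT-style fake ransomware has renamed.

Added example for the article above, not the malware's or Microsoft's code.
Assumption taken from the article: the malware appends ".crimson" to file
names but does not encrypt the contents.
"""
import math
import os
from pathlib import Path

SUFFIX = ".crimson"

# Magic bytes for a few common document types. Assumption: an illustrative
# table; extend it for the file types present in your environment.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/office",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2/legacy office",
}

# Ciphertext looks like random bytes: entropy close to 8 bits per byte.
ENTROPY_THRESHOLD = 7.5  # assumption: a conservative cut-off for this triage
SAMPLE_BYTES = 4096


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the sample; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify(path: Path) -> dict:
    """Decide whether a .crimson file is merely renamed or possibly encrypted."""
    with open(path, "rb") as f:
        head = f.read(SAMPLE_BYTES)
    kind = next((name for magic, name in MAGIC.items() if head.startswith(magic)), None)
    entropy = shannon_entropy(head)
    # A recognised header means the plaintext is intact (the StrRAT case).
    # No header *and* near-random bytes means real encryption cannot be ruled out.
    if kind is not None:
        verdict = "renamed-only"
    elif entropy >= ENTROPY_THRESHOLD:
        verdict = "possibly-encrypted"
    else:
        verdict = "unknown-low-entropy"
    return {"path": str(path), "type": kind, "entropy": round(entropy, 2), "verdict": verdict}


def triage(root: Path) -> list:
    """Classify every *.crimson file below root, in a stable order."""
    return [classify(p) for p in sorted(root.rglob("*" + SUFFIX)) if p.is_file()]


def restore(root: Path, dry_run: bool = True) -> list:
    """Strip the suffix from files judged renamed-only; return the restored paths.

    Never overwrites: if the original name already exists the file is skipped.
    """
    restored = []
    for entry in triage(root):
        if entry["verdict"] != "renamed-only":
            continue
        src = Path(entry["path"])
        dst = src.with_name(src.name[: -len(SUFFIX)])
        if dst.exists():
            continue
        if not dry_run:
            os.replace(src, dst)
        restored.append(str(dst))
    return restored


def demo() -> dict:
    """Run the triage over a constructed sample tree (not real victim data)."""
    import tempfile
    root = Path(tempfile.mkdtemp())
    # Renamed-only: a PDF header followed by ordinary text, as StrRAT would leave it.
    (root / "invoice.pdf.crimson").write_bytes(b"%PDF-1.4\n" + b"plain text body " * 50)
    # Stand-in for genuinely encrypted data: random bytes, no header.
    (root / "secret.docx.crimson").write_bytes(os.urandom(4096))
    (root / "notes.txt").write_bytes(b"untouched")
    verdicts = {Path(e["path"]).name: e["verdict"] for e in triage(root)}
    planned = [Path(p).name for p in restore(root, dry_run=True)]
    done = [Path(p).name for p in restore(root, dry_run=False)]
    remaining = sorted(p.name for p in root.iterdir())
    return {"verdicts": verdicts, "planned": planned, "done": done, "remaining": remaining}


if __name__ == "__main__":
    import sys
    for entry in triage(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(entry)
```

Run it with the affected directory as the only argument to get a per-file verdict; call restore(root, dry_run=False) only after reviewing the dry-run list. The header check is what makes the rename safe: if a future variant really did encrypt, the .crimson files would lose their headers and show up as possibly-encrypted rather than being renamed blindly.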
The good news is that Microsoft 365 Defender can detect and block the threat at the point the email is received. If you are a Microsoft 365 subscriber, verify that the antivirus component is installed and running; on Windows 10, Microsoft Defender Antivirus is built in and enabled by default unless a third-party product has replaced it, and running Get-MpComputerStatus in PowerShell shows whether antivirus and real-time protection are currently enabled. If you don’t need the rest of what Microsoft 365 has to offer, an alternative antivirus product such as Kaspersky is also capable of handling these kinds of threats.