New Trojan Found to Impersonate Ransomware

A new version of STRRAT has been found by a group of Microsoft cybersecurity specialists. It is Java-based malware that disguises itself as ransomware in order to steal personal data stored on infected computers. This is yet another threat to be addressed, as the harm it causes is very significant.

As noted by ZDNet, the malicious software is distributed through an extensive phishing campaign. The malware is sent to victims from compromised e-mail addresses, in messages that claim to be payment-related. In most cases, the messages are accompanied by a PDF file or picture.

When the victim tries to open the file to see the information it supposedly contains, the PC connects to a C2 server, from which the malware is downloaded. STRRAT then starts working on the infected machine with a dual goal: stealing confidential information and diverting the user's attention to fighting the false threat.

The report shows that STRRAT appends the .crimson extension to existing files on the machine. Users therefore assume that their data has been hijacked by ransomware. While the victims try to recover the supposedly encrypted files, the malware creates a back door in Windows to steal information.

Furthermore, those behind the attack can access usernames and passwords, record all keystrokes, and execute remote commands and PowerShell commands.
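Because the .crimson extension described above is a decoy, responders can check whether an affected file's contents were actually altered. The following triage script is an added example, not code from Microsoft or ZDNet; the signature table, the 7.0 entropy threshold and the function names are assumptions made for illustration.

```python
import math
import os
import sys
from collections import Counter

SUFFIX = ".crimson"  # extension the article says STRRAT appends
# Assumed signature table: leading bytes of a few common original file types.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 for ciphertext)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample: int = 65536) -> str:
    """Return 'renamed-only', 'possibly-encrypted' or 'unknown' for one file."""
    original_ext = os.path.splitext(path[: -len(SUFFIX)])[1].lower()
    with open(path, "rb") as fh:
        data = fh.read(sample)
    magic = MAGIC.get(original_ext)
    if magic is not None:
        # Header intact: the content was left alone and only the name changed.
        return "renamed-only" if data.startswith(magic) else "possibly-encrypted"
    # No known signature (for example .txt): fall back to an entropy heuristic.
    if entropy(data) < 7.0:  # assumed threshold, tune for local data
        return "renamed-only"
    return "unknown"

def triage(root: str) -> dict:
    """Walk root and classify every file carrying the .crimson suffix."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIX):
                full = os.path.join(folder, name)
                results[os.path.relpath(full, root)] = classify(full)
    return results

if __name__ == "__main__":
    for rel, verdict in sorted(triage(sys.argv[1]).items()):
        print(f"{verdict:20} {rel}")
```

A renamed-only verdict means the file header is intact; it says nothing about the back door, which still has to be handled as a credential-theft incident.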

Microsoft researchers noted: “STRRAT version 1.5 is noticeably more confusing and modular than previous versions, but the backdoor functions remain the same.”

STRRAT malware will be spread to more victims

Given the malware's ability to access usernames and passwords, the exploited e-mail accounts are more than likely to be used to send new phishing emails that spread STRRAT. However, since the malware campaign is based on phishing emails, precautions can be taken to avoid becoming a new target of the attack.

Using antivirus software to detect and recognize threats is highly recommended. It can also help prevent malicious emails from being delivered to inboxes in the first place, reducing the chance of anyone opening the message and clicking the malicious link.
