Malware

Microsoft warns of data stealing malware that pretends to be ransomware


Microsoft warns of a “massive email campaign” that uses the Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.

The Microsoft Security Intelligence team stated that the RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them.

The new wave of attacks, which the company found last week, begins with spam emails sent from compromised email accounts under the subject line “Outgoing Payments”. The messages trick recipients into opening malicious PDF documents that claim to be remittance advice; in reality, the documents connect to a rogue domain to download the STRRAT malware.

Besides connecting to a command-and-control server during execution, the malware comes with several features that allow it to collect browser passwords, log keystrokes, and run remote commands and PowerShell scripts.

STRRAT first emerged in June 2020, with German cybersecurity firm G Data observing the Windows malware (version 1.2) in phishing emails containing malicious Jar (or Java Archive) attachments.

G Data malware analyst Karsten Hahn stated that the RAT focuses on stealing credentials from browsers and email clients, and passwords via keylogging. It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird.

However, its ransomware capabilities are basic: the “encryption” stage only renames files by suffixing the “.crimson” extension. If the extension is removed, the files can be opened as usual.
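Because STRRAT only renames files, an incident responder can verify that the content is intact and undo the damage in bulk. The script below is an added example written for this article (not Microsoft's, G Data's, or the malware's code): it walks a directory for `.crimson` files, checks whether each one still carries a recognisable file-type header or has entropy far too low for real ciphertext, and strips the suffix from those that were merely renamed. Files that do look encrypted, or whose original name already exists, are reported rather than touched. The directory layout, the sample files, the magic-byte table and the 7.5 bits-per-byte threshold are assumptions for illustration, not values from the article.

```python
"""Triage and restore files renamed with a fake-ransomware suffix (.crimson) without encryption.

Added example for this article; not code from Microsoft, G Data or STRRAT itself.
The suffix matches the article; magic bytes, threshold and sample files are assumptions.
"""
import math
import os
import tempfile
from pathlib import Path

FAKE_RANSOM_SUFFIX = ".crimson"

# Leading bytes of a few common formats. A file that still starts with one of
# these after the "encryption" stage was clearly only renamed.
KNOWN_MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip / modern Office",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0": "OLE / legacy Office",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Real ciphertext sits close to 8.0; text and most documents are lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_unencrypted(data: bytes, entropy_threshold: float = 7.5) -> bool:
    """True when the content has a known header or is too low-entropy to be ciphertext."""
    if any(data.startswith(magic) for magic in KNOWN_MAGIC):
        return True
    # Only the first 4 KiB is sampled; enough to separate documents from random bytes.
    return shannon_entropy(data[:4096]) < entropy_threshold


def restore_renamed_files(root: str, dry_run: bool = True) -> dict:
    """Find *.crimson files under root and strip the suffix from the ones that were only renamed.

    Returns {"restored": [original paths], "suspicious": [paths left alone]}.
    With dry_run=True nothing is renamed; the report shows what would happen.
    """
    report = {"restored": [], "suspicious": []}
    for path in Path(root).rglob(f"*{FAKE_RANSOM_SUFFIX}"):
        data = path.read_bytes()
        if not looks_unencrypted(data):
            # High entropy and no header: may genuinely be encrypted; hand off for analysis.
            report["suspicious"].append(str(path))
            continue
        original = path.with_suffix("")  # drops only the trailing .crimson
        if original.exists():
            # Never clobber an existing file; leave the pair for manual review.
            report["suspicious"].append(str(path))
            continue
        if not dry_run:
            path.rename(original)
        report["restored"].append(str(original))
    return report


def demo() -> dict:
    """Constructed sample: one renamed (intact) PDF and one genuinely random blob."""
    root = tempfile.mkdtemp(prefix="crimson-demo-")
    Path(root, "invoice.pdf.crimson").write_bytes(b"%PDF-1.4\n" + b"remittance advice " * 200)
    Path(root, "secret.docx.crimson").write_bytes(os.urandom(4096))
    return restore_renamed_files(root, dry_run=False)


if __name__ == "__main__":
    print(demo())
```

Run it first with `dry_run=True` against a copy of the affected share and review the `suspicious` list before renaming anything: a file with high entropy and no header could be a compressed archive, a real encrypted file from a different strain, or simply a format the magic table does not know.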

Microsoft also notes that version 1.5 is more obfuscated and modular than previous versions, suggesting that the attackers behind the operation are actively working to improve their toolset.

Image credits : Krebsonsecurity

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
