Published in News

Vole says beware of the rat

by on21 May 2021

Remote access trojan pretends to be ransomware

The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack.

The Microsoft Security Intelligence team said the STTRAT  campaign is using a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments.

“Attackers used compromised email accounts to launch the email campaign”, Microsoft said in a series of tweets last night.

“The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware.”

First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts.

According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.

Last modified on 21 May 2021
Rate this item
(0 votes)

Read more about: