The Microsoft Security Intelligence team said the STTRAT  campaign is using a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments.

“Attackers used compromised email accounts to launch the email campaign”, Microsoft said in a series of tweets last night.

“The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware.”

First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts.

According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.