Microsoft Security Intelligence discovered a new STRRAT malware that can infect Windows devices using compromised email accounts.
The team of security researchers explained that this new Java-based remote access trojan, or RAT, is known for its ability to fake ransomware attacks and for other advanced data theft capabilities. Microsoft's security researchers previously explained in a series of tweets that this new STRRAT malware is part of a massive email campaign. They added that it can spread fake ransomware payloads easily.
STRRAT malware can do this by using various compromised email accounts. However, the involved security experts didn't confirm whether the malware's developers are the ones who hacked these accounts or whether they bought them from other cybercriminals.
To give you a better idea, here's how the new STRRAT malware works.
Microsoft Says STRRAT Malware Uses Infected PDF
According to the National Cybersecurity News' latest report, the new STRRAT malware will send PDF attachments using the compromised email accounts. Since these are not fake accounts, they can easily lure many victims into accessing the malicious files.
Once the unsuspecting users click the malicious PDF files, their Microsoft Windows devices will get infected by the new STRRAT malware.
"The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware," explained Microsoft Security Intelligence.
"This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," added the team of security experts.
Furthermore, Microsoft said that this new malware is serious because it is designed to fake a ransomware attack while stealing its victim's data in the background.
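The rename-only behavior Microsoft describes can be checked during triage. The following Python is an added example, not code from Microsoft or the original article: it finds files ending in .crimson and compares their leading bytes with the known signature for the original file type. It assumes the original extension is kept in front of .crimson (for example invoice.pdf.crimson); the signature table and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Well-known leading signatures ("magic bytes") for a few common file types.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
}

def triage_crimson(root):
    """Classify every *.crimson file under root by comparing its header
    with the signature expected for the extension that precedes .crimson."""
    results = {}
    for path in sorted(Path(root).rglob("*.crimson")):
        if not path.is_file():
            continue
        # Assumption: the original extension survives, e.g. invoice.pdf.crimson
        original_ext = Path(path.stem).suffix.lower()
        expected = MAGIC.get(original_ext)
        with open(path, "rb") as fh:
            head = fh.read(16)
        if expected is None:
            verdict = "unknown-type"      # no signature to compare against
        elif head.startswith(expected):
            verdict = "renamed-only"      # header intact: consistent with no encryption
        else:
            verdict = "content-altered"   # header does not match: treat as damaged
        results[path.relative_to(root).as_posix()] = verdict
    return results

def build_sample(root):
    """Create constructed sample files for the demonstration."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "invoice.pdf.crimson").write_bytes(b"%PDF-1.7\n% constructed sample\n")
    (root / "docs" / "photo.png.crimson").write_bytes(b"\x00\x13\x37 not a PNG header")
    (root / "notes.txt.crimson").write_bytes(b"plain text has no signature")
    (root / "untouched.pdf").write_bytes(b"%PDF-1.7\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, verdict in triage_crimson(tmp).items():
            print(f"{verdict:16} {name}")
```

A "renamed-only" verdict only confirms that the file header is intact; the data theft running in the background still has to be handled as an incident.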
Identifying an Infected Email Message
Since the new STRRAT malware can't infect your Windows device unless you open the infected PDF attachment, the best thing you can do is check the email message and the sender's account before opening the message.
College of Engineering provided the things you need to check before you open any file sent by an unknown contact. Here are some of them:
- If an email encourages you to follow a link, there's a high chance it is an email scam.
- Always check the information verification.
- Check if the email account's name is familiar. If it doesn't match an expected address for a company, it probably has malware.
- Check if the email account has the "Undisclosed-recipients/unlisted-recipients" tag.
This article is owned by Tech Times
Written by: Griffin Davis