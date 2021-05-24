A group of Microsoft cybersecurity specialists has detected a new version of STRRAT, a Java-based malware that "disguises itself" as ransomware while stealing personal information stored on infected computers. It is one more threat worth paying attention to, because the damage it can cause is significant.

According to what was reported by ZDNet, this malicious software is distributed through a large-scale phishing campaign. The malware is delivered to victims from compromised email accounts, in messages that supposedly concern payments.

The messages carry an image attachment that masquerades as a PDF file. When the victim tries to open the "file" to see the information it supposedly contains, the PC connects to an attacker-controlled (C2) server and downloads the malware. From that point STRRAT operates on the infected machine with a double objective: to steal sensitive information, and to keep the user busy fighting a fake threat.

STRRAT, the malware that masquerades as ransomware

The report indicates that STRRAT appends the extension .crimson to existing files on the computer. Users therefore believe they are victims of ransomware and that their data has been "hijacked". However, it is simply a distraction: while the victims try to recover the supposedly encrypted files, the malware opens a backdoor on the Windows machine and uses it to steal information.
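Two checks a responder can run follow from the description above: the lure is an image whose file name claims to be a PDF, and the ".crimson" files are only renamed, not encrypted. The following Python script is an added example written for this page, not code from the article, from ZDNet or from Microsoft. It sniffs the leading bytes of a file (the magic-byte table is standard knowledge, not from the article), flags attachments whose declared extension does not match their content, and, for every *.crimson file, reports whether the original content is still intact and can simply be renamed back. The sample directory it builds is constructed for the demo; the assumption that the original bytes are untouched is the article's, so verify it on your own data before restoring anything, and take a forensic copy first. Renaming files back does nothing about the backdoor itself.

```python
import tempfile
from pathlib import Path

# Leading bytes of a few common file types (standard signatures, not from the article).
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"PK\x03\x04": "zip",        # also docx/xlsx/jar
    b"\xd0\xcf\x11\xe0": "ole",  # legacy .doc/.xls
}

# Extensions that legitimately share a container signature.
ALIASES = {"jpg": "jpeg", "docx": "zip", "xlsx": "zip", "jar": "zip", "doc": "ole", "xls": "ole"}


def sniff_type(data: bytes):
    """Return the file type implied by the leading bytes, or None if unrecognised."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def extension_mismatch(name: str, data: bytes):
    """True when the declared extension does not match the content (a PNG named payment.pdf),
    False when it matches, None when the content is unrecognised or the name has no extension."""
    ext = Path(name).suffix.lower().lstrip(".")
    kind = sniff_type(data)
    if kind is None or ext == "":
        return None
    return ALIASES.get(ext, ext) != kind


def triage_crimson(directory):
    """For every *.crimson file under `directory`, strip the appended extension to recover the
    original name and check whether the bytes still match that name.
    Returns a list of (path, original_name, intact); intact is True only on a positive match."""
    results = []
    for p in sorted(Path(directory).rglob("*.crimson")):
        original = p.with_suffix("")          # invoice.pdf.crimson -> invoice.pdf
        with open(p, "rb") as f:
            head = f.read(16)
        intact = extension_mismatch(original.name, head) is False
        results.append((str(p), original.name, intact))
    return results


def restore_crimson(directory, dry_run=True):
    """Rename intact *.crimson files back to their original names.
    Returns the restored paths; with dry_run=True nothing is touched on disk."""
    restored = []
    for path, _original_name, intact in triage_crimson(directory):
        if intact:
            src = Path(path)
            dst = src.with_suffix("")
            if not dry_run:
                src.rename(dst)
            restored.append(str(dst))
    return restored


def build_sample_dir():
    """Constructed sample (not real victim data): a PDF and a PNG with .crimson appended and
    their bytes untouched, plus one file whose bytes really were overwritten."""
    d = Path(tempfile.mkdtemp(prefix="strrat_demo_"))
    (d / "invoice.pdf.crimson").write_bytes(b"%PDF-1.4\n%constructed sample\n")
    (d / "photo.png.crimson").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    (d / "report.docx.crimson").write_bytes(b"\x13\x37" * 16)   # not a renamed docx
    return d


if __name__ == "__main__":
    # The lure from the article: an image attachment whose name claims it is a PDF.
    lure = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    print("payment.pdf is really an image:", extension_mismatch("payment.pdf", lure))
    sample = build_sample_dir()
    for path, original, intact in triage_crimson(sample):
        print(f"{path}: original={original} intact={intact}")
    print("would restore:", restore_crimson(sample, dry_run=True))
```

The script only trusts a positive signature match; a file it cannot recognise is reported as not intact rather than guessed at, so unknown formats are left for manual review instead of being renamed blindly.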

Through that backdoor, the attackers can access usernames and passwords. They can also record everything typed on the keyboard and execute remote commands and PowerShell. "STRRAT version 1.5 is notably more obfuscated and modular than previous versions, but the backdoor functions mostly remain the same," Microsoft researchers noted.

When running on a system, STRRAT connects to a C2 server. Version 1.5 is notably more obfuscated and modular than previous versions, but the backdoor functions mostly remain the same: collect browser passwords, run remote commands and PowerShell, log keystrokes, among others. – Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021

Malware has long been one of the main threats to Windows computers. While there are more and more tools to keep it off a PC, user caution is still the most valuable defense. For this reason, it is always recommended not to open attachments from suspicious addresses, especially when the emails concern payments and finances.

