Security News > 2021 > May > Microsoft: Massive malware campaign delivers fake ransomware

A massive malware campaign pushed the Java-based STRRAT remote access trojan, known for its data theft capabilities and the ability to fake ransomware attacks.
In a series of tweets, the Microsoft Security Intelligence team outlined how this "Massive email campaign" spread the fake ransomware payloads using compromised email accounts.
"The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware," Microsoft said.
As the Microsoft Security Intelligence team mentioned in their tweets, the STRRAT malware is designed to fake a ransomware attack while stealing its victims' data in the background.
G DATA malware analyst Karsten Hahn said in June 2020 that the malware infects Windows devices via email campaigns pushing malicious JAR packages that deliver the final RAT payload after going through two stages of VBScript scripts.
As Microsoft found while analyzing last week's massive STRRAT campaign, the malware developers haven't stopped improving it, adding more obfuscation and expanding its modular architecture.