Microsoft: Massive malware campaign delivers fake ransomware
A massive malware campaign pushed the Java-based STRRAT remote access trojan, known for its data theft capabilities and the ability to fake ransomware attacks.
In a series of tweets, the Microsoft Security Intelligence team outlined how this "Massive email campaign" spread the fake ransomware payloads using compromised email accounts.
"The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware," Microsoft said.
As the Microsoft Security Intelligence team mentioned in their tweets, the STRRAT malware is designed to fake a ransomware attack while stealing its victims' data in the background.
G DATA malware analyst Karsten Hahn said in June 2020 that the malware infects Windows devices via email campaigns pushing malicious JAR packages that deliver the final RAT payload after going through two stages of VBScript scripts.
As Microsoft found while analyzing last week's massive STRRAT campaign, the malware developers haven't stopped improving it, adding more obfuscation and expanding its modular architecture.