Security News > 2021 > May > Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "Massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.

The new wave of attacks, which the company spotted last week, commences with spam emails sent from compromised email accounts with "Outgoing Payments" in the subject line, luring the recipients into opening malicious PDF documents that claim to be remittances, but in reality, connect to a rogue domain to download the STRRAT malware.

Besides establishing connections to a command-and-control server during execution, the malware comes with a range of features that allow it to collect browser passwords, log keystrokes, and run remote commands and PowerShell scripts.

STRRAT first emerged in the threat landscape in June 2020, with German cybersecurity firm G Data observing the Windows malware in phishing emails containing malicious Jar attachments.

"The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging," G Data malware analyst Karsten Hahn detailed.

"It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/rBj4zUNjEc0/microsoft-warns-of-data-stealing.html