Security News > 2021 > May > Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware
Microsoft on Thursday warned of a "massive email campaign" that's pushing the Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.
The new wave of attacks, which the company spotted last week, commences with spam emails sent from compromised email accounts with "Outgoing Payments" in the subject line, luring the recipients into opening malicious PDF documents that claim to be remittances, but in reality, connect to a rogue domain to download the STRRAT malware.
Besides establishing connections to a command-and-control server during execution, the malware comes with a range of features that allow it to collect browser passwords, log keystrokes, and run remote commands and PowerShell scripts.
STRRAT first emerged in the threat landscape in June 2020, with German cybersecurity firm G Data observing the Windows malware in phishing emails containing malicious JAR attachments.
"The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging," G Data malware analyst Karsten Hahn detailed.
"It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/rBj4zUNjEc0/microsoft-warns-of-data-stealing.html