Phishing impersonates shipping giant Maersk to push STRRAT malware
A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victims' devices.
Fortinet discovered the new campaign after spotting phishing emails impersonating Maersk Shipping, a giant in the global shipping industry, and using seemingly legitimate email addresses.
If the recipient opens the attached document, its macro code runs and fetches STRRAT onto their machine. STRRAT is a powerful remote access trojan that can steal information and even fake ransomware attacks.
As seen in the header information of the phishing emails, the messages are routed through recently registered domains, which increases the risk of their being flagged by email security solutions.
The STRRAT infection begins by decrypting the configuration file, copying the malware into a new directory, and adding new Windows registry entries for persistence.
STRRAT first gathers basic information on the host system, such as the architecture and any anti-virus tools running on it, and checks local storage and network capability.