Security researchers have discovered a new massive spam email campaign designed to push the latest version of STRRAT malware, according to data shared by Microsoft.
Ransomware attacks are among the most dangerous for people and companies alike. Having your data locked by ransomware, possibly stolen in the process, and then facing blackmail is not a pleasant prospect. It turns out that some malware only impersonates a ransomware attack, leaving the files untouched but scaring people with the possibility of a ransomware infection.
STRRAT is a type of malware that imitates the behavior of ransomware without actually being ransomware. Users infected with this threat are led to believe they have fallen victim to a much more severe attack, which is not the case. It’s also a remote access trojan (RAT), which means that it can still cause harm by collecting browser passwords, allowing remote access, and even logging keystrokes, among many other features.
“This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them,” said the Microsoft Security Intelligence team on Twitter.
“Attackers used compromised email accounts to launch the email campaign. The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware,” they explained.
Because the attacks occur via email, the most straightforward mitigation available to users is the same as for any other threat: avoid opening emails from unknown sources, not to mention attachments. If they have any doubt about the veracity of an email, they should personally contact the sender to confirm. They should also keep an updated security solution running on the device at all times.
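The rename-without-encryption behavior Microsoft describes can be checked during triage. The following Python sketch is an added example, not code from Microsoft or from this article: it strips the .crimson suffix and compares each file's leading bytes with the signature expected for its original extension. The function names, the small signature table and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

SUFFIX = ".crimson"  # extension named in the Microsoft quote above
# Leading "magic" bytes for a few formats, keyed by original extension (sample table).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
}


def classify(path: Path) -> str:
    """Return 'intact', 'altered' or 'unknown' for one *.crimson file."""
    original_ext = Path(path.name[: -len(SUFFIX)]).suffix.lower()
    signature = MAGIC.get(original_ext)
    if signature is None:
        return "unknown"  # no signature on record for this type
    with open(path, "rb") as fh:
        return "intact" if fh.read(16).startswith(signature) else "altered"


def triage(root: str) -> dict:
    """Classify every file under root whose name ends in .crimson."""
    return {
        str(p.relative_to(root)): classify(p)
        for p in Path(root).rglob("*")
        if p.is_file() and p.name.lower().endswith(SUFFIX)
    }


def demo() -> dict:
    """Triage constructed sample files written to a temporary directory."""
    samples = {
        "report.pdf.crimson": b"%PDF-1.7\n% constructed sample\n",
        "photo.png.crimson": b"\x00\x11\x22 constructed, header gone",
        "notes.txt.crimson": b"plain text has no magic bytes",
        "untouched.pdf": b"%PDF-1.4\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return triage(tmp)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:8} {name}")
```

An "intact" verdict only means the header still matches the original file type, which is consistent with a rename; "altered" and "unknown" files need closer inspection before any conclusion is drawn.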