minute read
Share this article:
Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn’t actually encrypt.
An email campaign is delivering a Java-based remote access trojan (RAT) that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered.
The Microsoft Security Intelligence (MSI) team has outlined details of a “massive email campaign” delivering the StrRAT malware that they observed last week and reported in a series of tweets earlier this week.
StrRAT is a Java-based remote access tool which steals browser credentials, logs keystrokes and takes remote control of infected systems—all typical behaviors of RATs, MSI researchers described in documentation posted on GitHub about the malware. The RAT also has a module to download an additional payload onto the infected machine based on command-and-control (C2) server command, they said.