A massive phishing campaign is distributing trojan malware that creates a backdoor into Windows systems to steal the usernames, passwords and other personal data of victims. Its ransomware-like behaviour is a distraction, put in place to cover up the fact that the computer has been compromised by a remote access trojan, a very stealthy form of malware, unlike a much more overt ransomware attack.
As part of the infection process, the malware adds a .crimson filename extension to files in order to pass off the attack as ransomware – although no files are actually encrypted.
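A triage check for the behaviour described above, as an added example that is not from the article or from Microsoft's research: it tests whether files carrying the .crimson suffix still begin with the signature their original extension implies, which a rename-only change leaves intact. The signature table, the 7.5 bits/byte entropy threshold and the function names are assumptions chosen for illustration.

```python
import math
import os

# Assumed, non-exhaustive table: original extension -> expected leading bytes.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}
SUFFIX = ".crimson"
ENTROPY_LIMIT = 7.5  # assumed threshold in bits/byte; encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'intact', 'likely-intact' or 'suspect' for one *.crimson file."""
    original_ext = os.path.splitext(path[: -len(SUFFIX)])[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    magic = MAGIC.get(original_ext)
    if magic is not None:
        # Known format: the header survives a rename but not encryption.
        return "intact" if head.startswith(magic) else "suspect"
    # No known signature (e.g. .txt): fall back to entropy of the sample.
    return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "likely-intact"


def triage(root: str) -> dict:
    """Walk root and classify every file whose name ends in .crimson."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIX):
                full = os.path.join(dirpath, name)
                results[full] = classify(full)
    return results
```

A `suspect` result only flags a file for manual review, since already-compressed data without a known signature is also high-entropy.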
According to Microsoft cybersecurity researchers, the latest version of the Java-based STRRAT malware is distributed through an e-mail campaign that uses e-mail accounts to deliver messages purporting to be related to payments, accompanied by an image posing as an attachment that appears to contain information about the alleged transfer. Once the victim opens the attachment, the attacker has full control of the victim’s computer.
It is likely that this malicious campaign – or other similar phishing campaigns – is still active, with cybercriminals continuing their attempts to distribute the STRRAT malware to many devices. Since the malware is able to access usernames and passwords, it is possible that anyone with an infected system will see their email account abused by attackers to spread STRRAT with new phishing emails.
As this malware relies on phishing emails, it is possible to take steps to avoid being hit. Be wary of unexpected or unusual messages – especially those that appear to offer a financial incentive – and be careful when opening emails and attachments from strange or unknown email addresses.
Using antivirus software to detect and identify threats can also help prevent malicious emails from landing in inboxes, eliminating the risk of someone opening the message and clicking the malicious link.