Microsoft warns users of data-stealing malware, it is a java based STRRAT malware that infects the system disguising itself as a ransomware infection.
Microsoft Security Intelligence theme informed its user via a series of tweets. The tweet said, “This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them.”
Earlier last week Microsoft spotted a new wave of attacks, where starts with spam emails sent from compromised email accounts. They have “Outgoing Payments’ ‘ mentioned in their subject line, this lures users into opening malicious PDF documents for remittance. In reality, these are linked with a rogue domain to download the STRRAT malware.
Once it connects with the command and control server, the malware loads itself with a number of features that enable it to collect browser passwords, log keystrokes, and run remote commands and PowerShell scripts.
Earlier in June 2020, German cybersecurity firm G Data while observing the Windows malware (version 1.2) in phishing emails containing malicious Jar (or Java Archive) attachments discovered the STRRAT.
According to Karsten Hahn, G Data analyst, “The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging. It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird.”
The ransomware in its introductory stage only renames files by suffixing the “.crimson” extension. Kahn further added, “If the extension is removed, the files can be opened as usual.”