A large-scale phishing campaign is currently underway. The attackers send their targets a multitude of different emails in the hope that at least one of them will be opened. Each carries an attachment presented as a PDF, which is in fact malware capable of stealing passwords.
It can never be said enough: always think twice before downloading an attachment that arrives by email. The trick is as old as the Internet, and it still works. After revealing that malware was targeting the aviation sector, Microsoft has now uncovered a massive mailing campaign aimed at stealing its victims' passwords.
Every one of these emails carries a PDF file that looks harmless at first glance but in reality hides a Trojan named STRRAT. It is particularly vicious because it is multi-purpose. Like Panda Stealer, it is able to steal credentials, including those held in digital wallets. But that is not all: it can also be used to take remote control of the infected machine, or even to pose as ransomware.
HACKERS TRICK THEIR VICTIM INTO DOWNLOADING THE MALWARE
To maximise their chances of success, the attackers rely on social engineering at scale. The campaign is not built on a single standard email but on a multitude of different subjects, in the hope that one of them catches the attention of the targeted people. Many imitate financial emails, such as notices of payments or transfers of large amounts.
Remember, however, that the malware only runs once the victim downloads and opens the attachment. If the email goes straight to the bin, the machine is not infected, and passwords and other information stay safe. If an email containing an attachment seems suspicious to you, it probably is: avoid downloading the file at all costs. Microsoft also states that its Defender antivirus can detect the malware and protect the targeted PC.
The latest version of the Java-based STRRAT malware (1.5) was seen being distributed in a massive email campaign last week. This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them. pic.twitter.com/mGow2sJupN
— Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021
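The behaviour described in the tweet, appending .crimson to file names without encrypting the contents, matters for incident responders: a victim's files are usually recoverable by renaming them back, but only after confirming the data really is intact, since a later variant could start encrypting for real. The following triage script is an added example written for this page; it is not Microsoft's tooling and not part of STRRAT or of the original article. The magic-byte table, the 7.5-bit entropy threshold and the sample files it builds are assumptions chosen for the demonstration.

```python
import math
from pathlib import Path

CRIMSON_SUFFIX = ".crimson"

# Assumption: a short table of magic bytes for common formats. A file that still
# starts with a known signature was clearly not encrypted, whatever its entropy.
MAGIC = {
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
}

# Assumption: 7.5 bits/byte separates compressed or encrypted data from text.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_intact(data: bytes) -> bool:
    """True when the content is plausibly the original file, not ciphertext."""
    if any(data.startswith(m) for m in MAGIC):
        return True
    return shannon_entropy(data[:4096]) < ENTROPY_THRESHOLD


def triage(root) -> list[tuple[Path, bool]]:
    """List every *.crimson file under root with an intact/encrypted verdict."""
    return [(p, looks_intact(p.read_bytes()))
            for p in sorted(Path(root).rglob("*" + CRIMSON_SUFFIX))]


def restore(root, dry_run: bool = True) -> list[Path]:
    """Strip the .crimson suffix from files judged intact; never clobber an
    existing file and never touch files that look genuinely encrypted."""
    restored = []
    for path, intact in triage(root):
        if not intact:
            continue
        original = path.with_name(path.name[: -len(CRIMSON_SUFFIX)])
        if original.exists():
            continue
        if not dry_run:
            path.rename(original)
        restored.append(original)
    return restored


def build_sample_tree(root) -> None:
    """Constructed sample data: two renamed-but-intact files and one file whose
    bytes look like real ciphertext, so the script has something to decide on."""
    root = Path(root)
    (root / "report.txt.crimson").write_bytes(
        b"Quarterly payment summary. Transfer of 120,000 EUR approved.\n" * 40)
    (root / "photo.jpg.crimson").write_bytes(
        b"\xff\xd8\xff\xe0" + bytes(range(256)) * 8)
    # Every byte value appears equally often: 8.0 bits/byte, as ciphertext would.
    (root / "really_encrypted.bin.crimson").write_bytes(
        bytes((i * 7919 + 13) % 256 for i in range(4096)))


if __name__ == "__main__":
    import tempfile
    work = tempfile.mkdtemp()
    build_sample_tree(work)
    for path, intact in triage(work):
        print(f"{path.name}: {'intact' if intact else 'looks encrypted'}")
    print("would restore:", [p.name for p in restore(work, dry_run=True)])
```

Run it with `dry_run=True` first and review the list; only the files with a recognised signature or low entropy are renamed, and anything that looks like ciphertext is left in place for a closer look.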