Saturday, July 13, 2024
EHA

Java-based STRRAT Malware RAT Attack Windows Users by Mimics as Ransomware

Recently, a new malware campaign, STRRAT has been detected by the Microsoft security team, as per the security experts, the hackers are distributing a remote access Trojan (RAT) through this malware.

This malware is stealing data from the infected systems, and not only this but the malware is remarkable, as it always conceals itself as ransomware.

The researchers at the Microsoft security team have investigated the malware and realized that this malware can work as a backdoor on every affected host. 

The operators of this malware have specifically designed this malware to steal the credentials from the infected Windows systems. However, this is not the first time when experts detected this malware, as STRRAT has been initially detected in 2020. 

And the previous technical report claims that this malware had got a wide range of functions, that helps it to steal credentials and modify all local files on the infected machines.

Bot only that even the experts at Microsoft has also claimed that the STRRAT version 1.2, is currently witnessing a massive campaign so that they can distribute its STRRAT version 1.5.

Infection chain

In this malware campaign, the threat actors have used all the negotiated email account, and the main reason behind this is to transfer different emails accordingly.

However, the emails have different messages and subjects, thus some subjects lines are like “Outgoing Payments.” Apart from this, there are many other subjects like “Accounts Payable Department”, and that’s how every email was assigned by the hackers to achieve all their desired goals.

In this campaign, the threat actors use social engineering for all payment receipts in their email subjects, and the main motive of the hackers for doing this is to motivate people so that they will click on an attached file of malicious intent, that is masked as a legitimate file.

It enables the Remote Desktop Host support and installs the open-source RDP Wrapper Library (RDPWrap) on the compromised systems to provide remote access to its operators.

Browser affected

The operators of the STRRAT can easily run commands and harvest sensitive information on the infected systems remotely, as it has the ability to log all the keystrokes on the infected systems.

To exfiltrate sensitive data like credentials and run commands remotely the operators of STRRAT can abuse the major email clients and browsers like:-

  • Mozilla Firefox
  • Internet Explorer
  • Google Chrome
  • Foxmail
  • Microsoft Outlook
  • Thunderbird

Mitigation

Moreover, the cybersecurity analysts of the Microsoft security team have also mentioned some common mitigation to bypass this malware. As told that the Microsoft 365 Defender can help the victims to bypass the STRRAT malware campaign. 

Even they have also apprehended that the hackers are keeping their bogus encryption behavior in the same signal. So, in this meantime, the threat actors are aiming to make a lump-sum amount of money in a short period of time money through extortion.

The machine learning-based protections on the Microsoft 365 Defender detect blocks the malware on endpoints and directly alert the security experts regarding the malware.

Apart from all these things, the experts have also noted that the threat actors have added more obfuscation in this malware and expanded its modular architecture.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles