Hackers are stealing users’ password through ransomware campaign, Microsoft warns

Posted on May 25, 2021 at 7:19 AM

Hackers are stealing users’ password through ransomware campaign, Microsoft warns

Microsoft has warned that a massive email campaign is utilizing STRRAT malware to extort sensitive data from users. According to the report, the email campaign is masquerading as a ransomware attack.

The cybersecurity unit of the tech giant reported about the malware activities and added that STRRAT, based in Java, appends .crimson file names without even encrypting them.

The malware collects passwords and logs keystrokes

Microsoft says the threat actors initiate the attack using spam emails retrieved from compromised accounts.

The emails contain the subject line:” Outgoing Payments”. It further cajoles the users to open the file, which contains malware.

According to the PDF claim, the file is a transaction detail. However, in reality, it is a domain that downloads the STRRAT malware.

After the malware is downloaded, it connects to the C2 (command-and-control) server of the threat actors and starts initiating malware operations.

The Microsoft cybersecurity team described the analytical activities of the malware, saying that it collects passwords, logs keystrokes, and runs PowerShell scripts as well as remote commands.

The malware was initially detected in June last year after cybersecurity firm G Data discovered a Java-based Windows malware found in phishing emails. The file is an attachment that can be downloaded by unsuspecting victims.

The G Data stated that STRRAT takes priority in stealing the email and browser credentials of users through keylogging. It is highly potent because it’s being supported by email clients and browsers such as Outlook, Thunderbird, Foxmail, Chrome, Internet Explorer, and Firefox.

Malware’s capability still at a rudimentary level

Microsoft said the capability of the malware is still at its basic level, with the encryption phase-only renaming the .crimson extension. The files can be accessed manually if the extension is removed.

However, the bogus encryption is still the same, which shows that the campaign may be looking for quick money by extorting money from unsuspecting users.

But Microsoft says the malicious group running STRRAT are constantly improving the malware’s capabilities. As a result, the recent version 1.5 is more advanced and modular than previous versions.

The Java-based STRRAT malware distracts victims by acting like ransomware while creating a backdoor into the infected systems.

According to the researchers, the more recent version of the malware is “notably more obfuscated and modular than previous versions”  

The malware adds the .crimson file name extension and hides the fact that the computer has been infected with a remote access Trojan.

The threat actors are still busy distributing the STRRAT malware, which indicates that the criminals are still trying to infect more computers with the virus.

Considering how the malware succeeded in gaining access to the victims’ usernames and passwords, those whose accounts have been compromised may likely see their email accounts abused by threat actors in the future. The security researchers say they could be victims of further exploits of phishing emails using the STRRAT malware.

Avoiding being a victim

Since the malware campaign depends on phishing emails, users have been advised on what they can do to prevent being victims of the attack. They should be vigilant of unusual or unexpected messages, especially those that seem to offer financial incentives. They should also be careful when opening emails and attachments from strange email addresses.

It’s also very helpful to install strong antivirus software to identify threats and prevent malicious emails from gaining access to inboxes. This will take away the risk of the user opening the message clicking on the link to enable the malware.

Users have also been advised to be wary of replying to any message offering promotions even if it looks genuine. Threat actors have mastered the act of cloning popular websites, making the fake sites look genuine. If they are deceived into clicking on the website link, the malware may flood into their system. They should rather use the browser address bar to type the name of the website and confirm whatever information they receive.

Summary
Hackers are stealing users’ password through ransomware campaign, Microsoft warns
Article Name
Hackers are stealing users’ password through ransomware campaign, Microsoft warns
Description
Microsoft has warned that a massive email campaign is utilizing STRRAT malware to extort sensitive data from users. According to the report, the email campaign is masquerading as a ransomware attack.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading