Microsoft’s Security Intelligence team has flagged a new email campaign spreading StrRAT, a Java-based Remote Access Trojan (RAT) that steals credentials and uses PDF attachments as its lure. The campaign is a serious threat because the whole chain is driven by ordinary email and a document that victims are talked into opening.
Windows 10 is usually in the news as the victim of a malware wave, with Microsoft on the defensive. This time Microsoft is the party raising the alarm: StrRAT itself is not brand new (it was documented by security researchers in 2020), but the large-scale email campaign is, and Microsoft was the first to call it out publicly. The infection does no damage until the PDF attachment is opened.
Microsoft explained how the campaign works: the attackers send the PDF from compromised email accounts, which lets the messages pass sender checks and look legitimate. They send large volumes of mail with attention-grabbing subject lines about payments, orders or similar topics, and the body tells the recipient to download and open the attached PDF to confirm the information mentioned in the subject.
Once the PDF is opened, the infection starts: the document reaches out to a domain controlled by the attackers and downloads StrRAT, which then installs itself with no further action from the victim. Because StrRAT is written in Java, it needs a Java runtime on the machine, which is a useful caveat for defenders checking exposure. After installation the malware collects stored passwords and other credentials from browsers and email clients, logs every keystroke the user presses, and gives the attacker remote control of the infected computer.
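The step above hinges on a PDF that reaches out to an attacker-controlled domain when opened. The following triage scanner is an added example (not code from Microsoft or from this page) that flags the PDF constructs which let a document open a link, run a program or execute script as soon as it is opened. The sample document and the domain in it are constructed for illustration; the malicious PDFs used in the real campaign are not reproduced here.

```python
import re

# Constructed sample: a minimal PDF skeleton whose OpenAction points at a URI.
# This is an illustrative file, not a StrRAT lure from the actual campaign.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /URI /URI (http://attacker.example/confirm.pdf) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign control: same skeleton with no actions at all.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF dictionary keys that give a document a way to reach out or run something.
RISKY_KEYS = {
    b"/OpenAction": "action that runs automatically when the document opens",
    b"/AA": "additional actions triggered by page or form events",
    b"/URI": "URI action: opens a link in the browser",
    b"/Launch": "Launch action: runs an external program or file",
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "embedded JavaScript",
    b"/EmbeddedFile": "embedded file attachment",
    b"/SubmitForm": "form submission to a remote host",
}

URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def scan_pdf_bytes(data: bytes) -> dict:
    """Scan raw PDF bytes for risky action keys and the URIs they reference.

    Objects packed into compressed object streams (/ObjStm) are not visible
    to a raw scan, so their presence is reported separately as a caveat.
    """
    findings = {}
    for key, why in RISKY_KEYS.items():
        # Match the key as a whole name token: /JS but not /JSomething.
        if re.search(re.escape(key) + rb"(?![A-Za-z0-9])", data):
            findings[key.decode()] = why
    uris = [m.group(1).decode("latin-1") for m in URI_RE.finditer(data)]
    return {
        "findings": findings,
        "uris": uris,
        "has_object_streams": b"/ObjStm" in data,
        "suspicious": bool(findings),
    }


def scan_pdf_file(path: str) -> dict:
    """Convenience wrapper for scanning an attachment saved to disk."""
    with open(path, "rb") as fh:
        return scan_pdf_bytes(fh.read())


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        report = scan_pdf_bytes(doc)
        print(label, "suspicious" if report["suspicious"] else "clean", report["uris"])
```

A hit on /OpenAction combined with /URI or /Launch is the pattern to treat as hostile in a mail gateway or triage pipeline; a document with /ObjStm and no visible keys is not cleared, only unresolved, and needs a parser that inflates object streams before a verdict.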
Another unsettling detail is that StrRAT partially imitates ransomware: it renames files and appends a new extension to them. It is not known to encrypt any file at this point, so the content underneath is intact. Microsoft nonetheless warns that this fake-ransomware module could be turned into real ransomware in a future version.
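Because the files are only renamed, a responder needs a quick way to tell a renamed file from an encrypted one before deciding whether recovery is a rename or a restore from backup. The script below is an added example, not code from Microsoft or from this page: it checks whether the file header still matches a known format and measures byte entropy, which stays low for documents and approaches 8 bits per byte for encrypted data. The appended suffix `.locked` and the sample contents are constructed for illustration and are not the suffix the malware uses.

```python
import math
import os
from collections import Counter

# Header signatures for a handful of common formats; enough to show the check.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/ooxml (docx, xlsx, pptx)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 (doc, xls, ppt)",
    b"\x7fELF": "elf",
    b"MZ": "pe (exe, dll)",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext and compressed data sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given data."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def sniff_type(data: bytes):
    """Return the format name whose header matches, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def triage_file(name: str, data: bytes, appended_suffix: str) -> dict:
    """Classify one file that carries the suffix the malware appends.

    renamed_only:     header intact, content untouched, recover by renaming
    likely_encrypted: no known header and near-random bytes
    unknown:          no known header but low entropy (plain text, unusual format)
    """
    kind = sniff_type(data)
    ent = shannon_entropy(data)
    if kind is not None:
        verdict = "renamed_only"
    elif ent > ENTROPY_THRESHOLD:
        verdict = "likely_encrypted"
    else:
        verdict = "unknown"
    original = name[:-len(appended_suffix)] if name.endswith(appended_suffix) else name
    return {
        "name": name,
        "original_name": original,
        "type": kind,
        "entropy": round(ent, 2),
        "verdict": verdict,
    }


def triage_directory(root: str, appended_suffix: str, restore: bool = False) -> list:
    """Walk a directory, triage every file with the suffix, optionally rename back
    only those whose header proves the content is intact."""
    results = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if not fname.endswith(appended_suffix):
                continue
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                head = fh.read(65536)  # header plus enough bytes for an entropy estimate
            result = triage_file(fname, head, appended_suffix)
            result["path"] = path
            if restore and result["verdict"] == "renamed_only":
                os.rename(path, os.path.join(dirpath, result["original_name"]))
                result["restored"] = True
            results.append(result)
    return results


# Constructed samples: a renamed PDF and a renamed blob with maximal entropy.
RENAMED_PDF = b"%PDF-1.4\n" + b"constructed document body " * 40
RANDOM_LIKE = bytes(range(256)) * 16

if __name__ == "__main__":
    print(triage_file("report.pdf.locked", RENAMED_PDF, ".locked"))
    print(triage_file("photo.jpg.locked", RANDOM_LIKE, ".locked"))
```

Run `triage_directory(path, suffix)` first without `restore=True` and review the verdicts; only the `renamed_only` files are safe to rename back, and anything `likely_encrypted` means the behaviour has changed from what the page describes and the host should be treated as a real ransomware case.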
Now for the good news. Microsoft says its Defender products detect StrRAT and block it at delivery, before it lands on the PC: Microsoft Defender Antivirus, built into Windows 10, catches the payload, and Microsoft 365 Defender covers the email side. Note that Microsoft 365 Defender is part of specific Microsoft 365 enterprise plans rather than a free extra for every subscriber. Other reports indicate that third-party antivirus products such as Kaspersky also detect and remove this threat.