Ransomware

Java-based malware STRRAT steals credentials & comes with .CRIMSON ransomware module

ITFunk Research
ITFunk Research
Java-based malware STRRAT steals credentials & comes with .CRIMSON ransomware module
Contents
What is STRRAT Malware?How Can Users Defend Against Emails with Malicious Payloads

According to reports, a malware strain known as STRRAT malware is being deployed as part of the infamous .CRIMSON ransomware. 

What is STRRAT Malware?

Researchers at G Data Solutions first discovered STRRAT malware in spam emails. The emails arrived with the attachment labeled ‘NEW ORDER.jar.’ When that attachment is opened, it retrieves a VBScript, saved under the name ‘bqhoonmpho.vbs.’ It also downloads Java Runtime Environment and infects machines on which Java wasn’t installed.

G Data Solutions researchers also found that STRRAT malware was able to steal credentials and passwords for emails and browsers through keylogging. The malware also comes with a ransomware module appending files with the .CRIMSON extension. Strangely enough, victims can reportedly recover their data by removing the extension from affected file names.

How Can Users Defend Against Emails with Malicious Payloads

Computer users can defend themselves from malicious payloads by employing better security protocols. Companies can conduct awareness training and educate employees about the dangers of email phishing. Training programs should include simulated phishing exercises to test employee familiarity with hackers’ methods and dissuade them from falling victim to common schemes.

IT personnel should also add additional security guards like banners that flag emails from untrusted sources. It’s important for emails coming from blacklisted or unknown domains to reduce the chance of any macros being executed from malicious email attachments.

Hackers can use STRRAT malware to steal credentials stored on web browsers and email accounts. Threat actors can also use this remote access Trojan to steal login info and use it for fraudulent transactions. The keylogging function also allows attackers to gather information, including email addresses, usernames, passwords, credit card data, and other sensitive data. The STRRAT remote access trojan can also be used to execute commands that allow attackers complete access to a computer, using it to install additional malware, ransomware, or cryptocurrency mining code.

You Might Also Like

NBZI Ransomware: A Menace from the STOP/Djvu Ransomware Lineage

How Do I Deal with the NBWR Ransomware Infection?

Decoding the Emerging Threat of Xro Ransomware

Elpy Ransomware: Mitigating Its Multi-Faceted Threats

CACTUS Ransomware: Exploiting Qlik Sense Vulnerabilities

TAGGED:
Share This Article
Previous Article A report reveals over 15 billions of stolen login credentials from more than 100,000 data breaches are for sale on the dark web
Next Article IcedID banking trojan tricks users with COVID-19 & FMLA (Family and Medical Leave Act) phishing emails
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest News

STOP/Djvu Ransomware
NBZI Ransomware: A Menace from the STOP/Djvu Ransomware Lineage
Ransomware
Antivirusapp[.]space: Unveiling the Rogue Webpage Instigating Scams and Intrusive Notifications
Adware Browser Hijackers
Gqa Virus App: Protecting Your Mac Against Intrusive Adware
Adware Mac Malware
Nbp Virus App Adware: Safeguarding Mac Security
Adware
Lost your password?