According to reports, a malware strain known as STRRAT is being deployed as part of the infamous .CRIMSON ransomware.
What is STRRAT Malware?
Researchers at G Data Solutions first discovered STRRAT malware in spam emails. The emails arrived with an attachment labeled ‘NEW ORDER.jar.’ When that attachment is opened, it retrieves a VBScript, saved under the name ‘bqhoonmpho.vbs.’ It also downloads the Java Runtime Environment so that it can infect machines on which Java wasn’t installed.
G Data Solutions researchers also found that STRRAT malware was able to steal credentials and passwords for emails and browsers through keylogging. The malware also comes with a ransomware module appending files with the .CRIMSON extension. Strangely enough, victims can reportedly recover their data by removing the extension from affected file names.
How Can Users Defend Against Emails with Malicious Payloads?
Computer users can defend themselves from malicious payloads by employing better security protocols. Companies can conduct awareness training and educate employees about the dangers of email phishing. Training programs should include simulated phishing exercises to test employee familiarity with hackers’ methods and dissuade them from falling victim to common schemes.
IT personnel should also add further safeguards, such as banners that flag emails from untrusted sources. Emails coming from blacklisted or unknown domains should be filtered to reduce the chance of any macros being executed from malicious email attachments.
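As an added example, not from the original article or from G Data's researchers: a small Python gateway check, using only the standard library, that mirrors the two controls just described. It flags mail from domains outside an assumed allowlist and attachments with the .jar/.vbs extensions the STRRAT lure used, and records the findings in a warning header that a banner or quarantine rule can act on. The allowlist, the extension list and the sample message are constructed.

```python
# Added example (not from the original article): a minimal mail-gateway check
# that adds a warning header (for a banner or quarantine rule) to messages from
# untrusted domains or carrying attachments of the kind STRRAT arrived in.
# Allowlist, extension list and the sample message below are constructed.
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}                   # assumed internal domains
RISKY_EXTENSIONS = {".jar", ".vbs", ".js", ".exe"}  # assumed block list

def sender_domain(msg: EmailMessage) -> str:
    """Lower-cased domain of the From: address ('' if absent)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def risky_attachments(msg: EmailMessage) -> list[str]:
    """Names of attachments whose extension is on the block list."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if any(name.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
            names.append(name)
    return names

def annotate(raw: bytes) -> tuple[list[str], EmailMessage]:
    """Parse a raw message; return (findings, message with warning header)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if sender_domain(msg) not in TRUSTED_DOMAINS:
        findings.append("external sender")
    findings += [f"risky attachment: {n}" for n in risky_attachments(msg)]
    if findings:
        msg["X-Mail-Warning"] = "; ".join(findings)
    return findings, msg

def build_message(sender: str, filename: str) -> bytes:
    """Construct a test message with one attachment (sample data only)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "purchasing@example.com", "NEW ORDER"
    m.set_content("Please see the attached order.")
    m.add_attachment(b"PK\x03\x04", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed lure resembling the one described in the article.
SAMPLE_EML = build_message("orders@unknown-supplier.invalid", "NEW ORDER.jar")
```

In a real deployment the header would be consumed by the mail client or gateway to render the banner; the check is deliberately simple and does not replace attachment scanning.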
Hackers can use STRRAT malware to steal credentials stored in web browsers and email accounts. Threat actors can also use this remote access Trojan to steal login info and use it for fraudulent transactions. The keylogging function also allows attackers to gather information, including email addresses, usernames, passwords, credit card data, and other sensitive data. The STRRAT remote access Trojan can also be used to execute commands that give attackers complete access to a computer, using it to install additional malware, ransomware, or cryptocurrency mining code.