Microsoft Warns of Malware Campaign Spreading a RAT Masquerading as Ransomware (therecord.media)
The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack. From a report: According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. "Attackers used compromised email accounts to launch the email campaign," Microsoft said in a series of tweets last night. "The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware." First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.
Re: (Score:1)
Olfactory sensors (Score:2)
Re: (Score:2)
Hey, we just bathed!
Curses, thwarted again. (Score:2)
According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments.
Text only, no-attachments, evil thwarted.
Re: (Score:2)
In other news: It's 2021 and we're still receiving emails that can take over an entire system with a single mouse click.
Re: (Score:2)
And a late bulletin: It's 2021 and mass-spammed emails are still arriving in our inboxes.
Re: Curses, thwarted again. (Score:2)
In more depressing news, it's 2021 and we still haven't got a standardized universal messaging standard to merge 100 different walled garden apps with different features
(like email, WhatsApp, text, Telegram, video/audio/group calls, FB/IG/LinkedIn/Twitter messengers...)
that everyone can connect to using any compliant app(s) of their choice.
Re: (Score:1)
In other news: It's 2021 and we're still receiving emails that can take over an entire system with a single mouse click.
Indeed. Because MS does not care one bit about its users.
Running... (Score:1)
Or are they counting on clueless individuals clicking on the
Re:Running... (Score:4, Informative)
Summary says: "The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware."
The real WTF is allowing everything to run "scripts".
Re: (Score:1)
BTW Javascript is the first thing I turn off when I install Acrobat Reader.
Re: (Score:1)
Re: (Score:2)
The real WTF is allowing everything to run "scripts".
Indeed. That requires extreme stupidity, extreme ignorance and negligence that cannot get more gross.
Interesting (Score:2)
Re: (Score:2)
I wonder how long until someone throws out some ransomware that does some really lame encryption like ROT13 text files? Just for the lolz, of course.
Uh, if you're still wondering what the rate of devolution is these days, this is sadly, even lamer than that.
"...the so called 'encryption' only renames files by appending the .crimson extension...This might still work for extortion because such files cannot be opened anymore by double-clicking...If the extension is removed, the files can be opened as usual."
Drats! Hacked again by the Evil Dr. Rename. Oh, when will the suffering stop?
Re: (Score:2)
Re: (Score:2)
A lot of ransomware groups are basing their ransom on data exfiltration, with blackmail/extortion being their mainstay, as opposed to denying access to data.
I wouldn't be surprised to see a malware group create ransomware that if disturbed, sends a note to the group, which then they will past all confidential company stuff on pastebin or just sell it, so restoring a backup, or decrypting a file would be out of the question for an average company. If a game company can make tamper detection software, then a
And you wonder why ransomware, works. (Score:3)
An interesting analysis from TFA:
"...the so called 'encryption' only renames files by appending the .crimson extension...This might still work for extortion because such files cannot be opened anymore by double-clicking...If the extension is removed, the files can be opened as usual."
And now we know why ransomware works so well. This is like selling Jack the magic beans, only they're invisible.
Hey! Slow down, stupid. You spill those, and you'll never find them...
Re: And you wonder why ransomware, works. (Score:1)
Re: (Score:2)
The level of autism required to make a post like that, repeatedly, for years on end, is truly frightening. I assume they wrote a script that generates them, but still...that's some nuclear-grade fucked-upedness.
I hope they get help.
Masquerading RAT? (Score:2)
We're not White Snake, dude. We're Poison!
I thought we was Quiet Riot...
The Microsoft Security Intelligence team %. (Score:1, Insightful)
The Microsoft Security Intelligence, surely an oxymoron if there ever was one. The PDF files aren't malicious. The problem lies totally with an Operating System that can't tell the difference between DATA and CODE.
RAT Masquerading as Ransomware? (Score:2)
"RAT?" What? No... (Score:1)
Can we just call it a Trojan, the way we did for the last 30 years?
Re: (Score:2)
Gives the other kind of Trojan a bad name.
Here's an idea (Score:2)
The emails contained an image that posed as a PDF attachment ...
How about a warning when something (file/attachment) says it's one thing (extension) but is actually another (contents/magic)?
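The extension-versus-magic check suggested in this comment, and the ".crimson" rename-only "encryption" quoted earlier in the thread, as an added example (not code from the article, Microsoft or G DATA). It compares a file's claimed extension with well-known leading magic bytes and recognises a renamed-but-intact file; the signature table, the `.crimson` default and the sample inputs are assumptions constructed for the example.

```python
import os
from typing import Optional

# Well-known leading magic bytes -> content type (small, illustrative table).
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"PK\x03\x04": "zip",  # also the container for docx/xlsx/jar
}
# Extensions that legitimately map onto one of the types above.
EXT_ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "jar": "zip"}


def sniff(data: bytes) -> Optional[str]:
    """Content type implied by the file's first bytes, or None if unknown."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None


def claimed_type(name: str) -> Optional[str]:
    """Content type the file name claims via its extension, or None."""
    ext = os.path.splitext(name)[1].lower().lstrip(".")
    return EXT_ALIASES.get(ext, ext) if ext else None


def check(name: str, data: bytes) -> str:
    """'ok' if extension and content agree, 'mismatch' if they disagree
    (e.g. an image named .pdf), 'unknown' if the content has no known magic."""
    actual = sniff(data)
    if actual is None:
        return "unknown"
    return "ok" if claimed_type(name) == actual else "mismatch"


def strip_appended_extension(name: str, data: bytes,
                             appended: str = ".crimson") -> Optional[str]:
    """If the file carries an appended extension but its inner name still
    matches the content, the file was only renamed: return the inner name.
    Otherwise return None (assumed default extension taken from the thread)."""
    if not name.lower().endswith(appended):
        return None
    inner = name[: -len(appended)]
    return inner if check(inner, data) == "ok" else None
```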
We are now officially meta. (Score:2)
Malware disguised as malware. Is Mars ready to colonize yet? I want to go away.
Indeed (Score:2)
"Thank goodness, (Score:1)
The mugger just wants to copy my drivers license, not take my cash."