Quote:An email campaign is delivering a Java-based remote access trojan (RAT) that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered.
 
The Microsoft Security Intelligence (MSI) team has outlined details of a “massive email campaign” delivering the StrRAT malware that they observed last week and reported in a series of tweets earlier this week.
 
StrRAT is a Java-based remote access tool which steals browser credentials, logs keystrokes and takes remote control of infected systems—all typical behaviors of RATs, MSI researchers described in documentation posted on GitHub about the malware. The RAT also has a module to download an additional payload onto the infected machine based on command-and-control (C2) server command, they said.
 
StrRAT also has a unique feature not common to this type of malware: “a ransomware encryption/decryption module” that changes file names in a way that would suggest encryption is the next step. However, StrRAT stops short of this function, “appending the file name extension .crimson to files without actually encrypting them,” researchers said in one of the tweets describing the attacks.