Thanks to the Covid-19-induced lockdown, Work From Home (WFH) has become the new normal in the corporate world. However, it is attracting bad actors who prey on naive employees to steal trade secrets and other critical company information.

Researchers at Microsoft Security Intelligence (MSI) have uncovered a case of hackers using StrRAT, a variant of Remote Access Trojan (RAT), to take over Windows-based computers.

"Attackers used compromised email accounts to launch the email campaign. The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware," MSI experts said.

The attackers send StrRAT-laced PDF documents via email to unsuspecting users, and once a user clicks the document to open it, the malware is downloaded to the system. It then establishes a connection with a Command-and-Control (C2) server to receive signals from the threat actors.
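A mail-filter style check for the lure MSI describes (an image posing as a PDF attachment that actually links to a remote domain), given here as an added example that is not from Microsoft or the original article. The sample message, its hostnames, the function names and the "pdf in the image label" heuristic are all assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: no real attachment, only a linked image labelled as a PDF.
SAMPLE = """\
From: billing@example.com
Subject: Outgoing payment
Content-Type: text/html; charset="utf-8"

<html><body><p>Please see the attached remittance.</p>
<a href="https://files.example.net/view"><img src="cid:icon" alt="Payment_Advice.pdf"></a>
<a href="https://www.example.com/"><img src="https://www.example.com/logo.png" alt="logo"></a>
</body></html>
"""

class LinkedImageFinder(HTMLParser):
    """Record (href, img attributes) for each <img> nested inside an <a href>."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.hits = [], []  # hrefs: stack of currently open <a> tags

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.hrefs.append(attrs.get("href") or "")
        elif tag == "img" and self.hrefs and self.hrefs[-1]:
            self.hits.append((self.hrefs[-1], attrs))

    def handle_endtag(self, tag):
        if tag == "a" and self.hrefs:
            self.hrefs.pop()

def fake_pdf_lures(raw_message):
    """Return (link host, image label) for linked images that present as a PDF."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:  # no HTML part, nothing to inspect
        return []
    finder = LinkedImageFinder()
    finder.feed(body.get_content())
    findings = []
    for href, img in finder.hits:
        label = " ".join(v for v in (img.get("alt"), img.get("title"), img.get("src")) if v)
        host = urlparse(href).hostname
        if host and "pdf" in label.lower():  # heuristic assumed for this example
            findings.append((host, label))
    return findings
```

Calling `fake_pdf_lures(SAMPLE)` flags only the first link; the ordinary linked logo is ignored. A hit is a reason to quarantine or review the message, not proof of malware.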



Sample email with malware-laced PDF. Picture credit: Microsoft Security Intelligence.



MSI researchers say the latest StrRAT v1.5 is more obfuscated and modular than previous versions, but the backdoor functions mostly remain the same. It can collect browser passwords, run remote commands and PowerShell, and log keystrokes, among others.

Windows PC owners are advised to be wary of emails from unknown senders. Even if the mail comes with a genuine-looking logo of a major company, exercise caution. Read the email contents carefully, and only if they have any relevance to your work or academics, go ahead and open a PDF or click a URL link.

It goes without saying, users must have anti-virus applications installed on their PCs to protect themselves from cyber threats.

