STRRAT a malware campaign has been detected by the Microsoft security team, as per the security experts, the hackers are distributing a remote access Trojan (RAT) through this malware stealing data from infected system working as a backdoor

The operators of this malware have specifically designed this malware to steal the credentials from the infected Windows systems and modifying the local files. Version 1.2 is used to distribute 1.5 STRRAT version

Chain Activity

The threat actors have used all the negotiated email account, and the main reason behind this is to transfer different emails .The threat actors use social engineering for all payment receipts in their email subjects, and the main motive of the hackers for doing this is to motivate people so that they will click on an attached file of malicious intent, that is masked as a legitimate file.

The emails have different messages and subjects, thus some subjects lines are like “Outgoing Payments.” Apart from this, there are many other subjects like “Accounts Payable Department”, and that’s how every email was assigned by the hackers to achieve all their desired goals.

It enables the Remote Desktop Host support and installs the open-source RDP Wrapper Library (RDPWrap) on the compromised systems to provide remote access to its operators.

Browser affected

  • Mozilla Firefox
  • Internet Explorer
  • Google Chrome
  • Foxmail
  • Microsoft Outlook
  • Thunderbird

Mitigation

Microsoft security team have also mentioned some common mitigation to bypass this malware. As told that the Microsoft 365 Defender can help the victims to bypass the STRRAT malware campaign.

The machine learning-based protections on the Microsoft 365 Defender detect blocks the malware on endpoints and directly alert the security experts regarding the malware.