Cybersecurity researchers at Microsoft have identified a massive phishing campaign distributing trojan malware that creates a backdoor into Windows systems and steals usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The campaign uses compromised email accounts to send messages that claim to be related to payments. The emails also include images posing as PDF attachments that claim to contain information about the illegitimate transfer. When the user opens the file, they are connected to a malicious domain that downloads the malware.
Researchers described the updated version of STRRAT as more obfuscated and modular, while retaining the same backdoor functions, such as the ability to collect passwords, log keystrokes, and run remote commands and PowerShell. This ultimately gives an attacker full control over the infected machine. The malware attempts to pass itself off as ransomware, possibly in an effort to distract the victim and hide the fact that the PC has been compromised with the stealthy remote access trojan. Microsoft states that it is likely this spam campaign is still active.
Read More: This massive phishing campaign delivers password-stealing malware disguised as ransomware