The Java-based malware STRRAT (version 1.5) hides behind an image that poses as an attachment in an email message. The Trojan horse can steal usernames, passwords, and other personal data by recording keystrokes, Microsoft warns on Twitter.
The latest version of the Java-based STRRAT (1.5) malware was seen being distributed in a massive email campaign last week. This RAT is notorious for its ransomware-like behavior of appending the .crimson filename extension to files without actually encrypting them. pic.twitter.com/mGow2sJupN
Microsoft Security Intelligence (MsftSecIntel) May 19, 2021
It acts like ransomware
The way it works is unusual, because it behaves like ransomware. Once deployed, it appends the .crimson file name extension to the files on the computer, but the files are not actually encrypted. The aim is to distract the victim into believing that he is dealing only with ransomware and not with a remote access Trojan horse.
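A triage check for the behaviour described above, as an added example that is not part of the original article or of Microsoft's guidance: it compares the first bytes of each .crimson file with the signature expected for its original extension, to tell a rename from altered content. The signature table, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

SUFFIX = ".crimson"  # extension named in the article
# Well-known leading signatures for a few formats (not an exhaustive list).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
}

def classify(path):
    """Compare a *.crimson file's first bytes with its original extension."""
    original_ext = os.path.splitext(path[: -len(SUFFIX)])[1].lower()
    signature = MAGIC.get(original_ext)
    if signature is None:
        return "unknown-type"  # no signature to compare against
    with open(path, "rb") as fh:
        head = fh.read(len(signature))
    return "renamed-only" if head == signature else "content-changed"

def triage(root):
    """Map each *.crimson file under root (relative path) to a verdict."""
    verdicts = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIX):
                full = os.path.join(folder, name)
                verdicts[os.path.relpath(full, root)] = classify(full)
    return verdicts

def build_sample(root):
    """Write constructed sample files (not real victim data) into root."""
    samples = {
        "invoice.pdf.crimson": b"%PDF-1.4\n% constructed sample\n",
        "photo.png.crimson": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "scan.pdf.crimson": b"\x13\x37" * 16,  # header is no longer a PDF
        "notes.txt.crimson": b"plain text has no signature\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, verdict in sorted(triage(tmp).items()):
            print(f"{verdict:16} {path}")
```

A matching signature shows only that the file header is intact; it does not prove that the rest of the file is unmodified, and a "renamed-only" result does not mean the machine is clean.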
To spread, the malware relies on emails that promise the victim a payment. To see the amount, the recipient is asked to click on what appears to be an attachment, supposedly in PDF format. Once the victim opens the file, he downloads the malware and the hacker can access his computer, our colleagues note.
The campaign appears to be continuing. It is possible that the hackers could extend it by using the various data they collect to access the victims' emails.
The best way to protect yourself from STRRAT is not to click on the image that poses as an attachment. It is best to be wary of any email from a sender you do not know, especially if the subject is monetary gain. Installing an antivirus program that checks email can also protect against attacks.