{"id":21459,"date":"2021-05-29T08:55:03","date_gmt":"2021-05-29T12:55:03","guid":{"rendered":"https:\/\/www.thundercloud.net\/infoave\/new\/?p=21459"},"modified":"2021-05-29T08:55:03","modified_gmt":"2021-05-29T12:55:03","slug":"a-new-password-stealing-trojan-is-on-the-loose-be-careful-with-email-attachments","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/a-new-password-stealing-trojan-is-on-the-loose-be-careful-with-email-attachments\/","title":{"rendered":"A New Password-Stealing Trojan is on the Loose &#8211; Be Careful with Email Attachments"},"content":{"rendered":"<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 24pt;\"><strong>A New Password-stealing Trojan is on the Loose &#8211; Be Careful with Email Attachments<\/strong><\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Microsoft Security discovered malicious fake PDF files that download the Java-based StrRAT Trojan, which can steal credentials and passwords and rename files, but does not encrypt them as ransomware does.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">According to <a href=\"https:\/\/bgr.com\/tech\/malware-attack-microsoft-identifies-phishing-campaign-malware-stealing-passwords-5927634\/\" target=\"_blank\" rel=\"noopener\">BGR<\/a>&#8230;<\/span><\/p>\n<blockquote><p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Stop opening PDFs attached to emails unless you\u2019re absolutely certain about where they originated and who is sending them to you.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Not that most of you were likely opening such email attachments with wild abandon before now, but be warned \u2014 Microsoft\u2019s Security Intelligence team has uncovered what sounds like a Trojan malware attack 
as part of a \u201cmassive\u201d email campaign with a nasty payload \u2014 malicious PDFs, which download a password- and credential-stealing Java-based remote access Trojan called StrRAT. In addition to stealing credentials and even taking control of systems, Microsoft researchers have also found that this malware can disguise itself as faked ransomware.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">&#8216;When running on a system,&#8217; Microsoft explains in a tweet thread about this particular malware, &#8216;STRRAT connects to a C2 server. Version 1.5 is notably more obfuscated and modular than previous versions, but the backdoor functions mostly remain the same: collect browser passwords, run remote commands and PowerShell, log keystrokes, among others.&#8217;<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">(According to <a href=\"https:\/\/threatpost.com\/email-campaign-fake-ransomware-rat\/166378\/\" target=\"_blank\" rel=\"noopener\">Threatpost<\/a>) <\/span><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">&#8216;&#8230;Some of the messages, for example, come with the subject line \u201cOutgoing Payments,\u201d which might seem innocuous enough to someone at a small business&#8230; Others purport to have come from the &#8216;Accounts Payable Department.&#8217;<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">&#8216;The campaign includes several different emails that all use social engineering around payment receipts to encourage people to click on an attached file that appears to be a PDF but that actually has malicious intent,&#8217; Threatpost continues.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/thundercloud.net\/infoave\/images\/2021\/ratware.png\" alt=\"Beware Attachments\" width=\"582\" height=\"498\" \/><\/p>\n<p><span 
style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">&#8216;One email informs the recipient that it includes an \u2018Outgoing Payment\u2019 with a specific number \u2014 presumably, the attached PDF. Another addresses the message to a \u2018Supplier\u2019 and appears to let the receiver know that \u2018your payment has been released as per attached payment advice,\u2019 asking the recipient to verify adjustments made in the attached PDF.&#8217;<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">The delivery mechanism for this malware, via the phishing emails, is arguably something of a weakness, in that in this case it requires the victim to take an action to set this whole thing in motion&#8230; <\/span><a style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\" href=\"https:\/\/bgr.com\/tech\/malware-attack-microsoft-identifies-phishing-campaign-malware-stealing-passwords-5927634\/\" target=\"_blank\" rel=\"noopener\">Read the entire post on the Web.<\/a><\/p><\/blockquote>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">If you&#8217;re using Microsoft Defender or Emsisoft, you should be protected from the StrRAT Trojan. But don&#8217;t tempt fate. The best way to avoid this password- and credential-stealing malware and other malicious software is to follow the advice we&#8217;ve been giving you for years. <strong>Never open email attachments unless you&#8217;re certain you know who sent the attachment(s) and you were expecting them<\/strong>. If you&#8217;re not sure, don&#8217;t ever open attachments in email. 
It is always better to be safe than sorry.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; &nbsp; &nbsp; &nbsp; A New Password-stealing Trojan is on the Loose &#8211; Be Careful with Email Attachments Microsoft Security discovered malicious fake PDF files that download the Java-based StrRAT Trojan which can steal credentials, passwords and change file names but does not encrypt them as ransomware does. According to BGR&#8230; Stop opening PDFs attached to emails unless\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/a-new-password-stealing-trojan-is-on-the-loose-be-careful-with-email-attachments\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":14573,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1669,2509,1682,1656,1674],"tags":[4215],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/21459"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=21459"}],"version-history":[{"count":4,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/21459\/revisions"}],"predecessor-version":[{"id":21466,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/21459\/revisions\/21466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media\/14573"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=21459"}],"wp:term":[{"taxonomy":"categor
y","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=21459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=21459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}