There are many types of computer attacks, each with its peculiarities, but never separately. Cybercriminals often mix various malware formats to strengthen their campaign and make the theft more effective. This is the case of STRRAT, malware discovered by a group of Microsoft cybersecurity researchers. They denounce the use of phishing techniques to convince users through an email, to later steal personal data with a Trojan, while posing as ransomware.
Certainly using the Internet on any device is a constant danger, since digital pirates are on the lookout for victims in order to obtain their personal data, identity or anything else that may be useful for their illicit purposes. Criminals generally send an apocryphal email with messages of supposed bank movements, later they ask you to download a PDF to see these movements. As soon as the user downloads this document, they are redirected to a malicious website that automatically downloads the STRRAT malware to your device.
Subsequently, this malware adds an extension called “.crimson” to the user’s files, the purpose of which is to divert attention while information such as passwords, keyboard use, keywords, remote commands and visited pages are collected. In this way, criminals obtain full control of the computer without the owner of the device noticing what is happening and so the hackers behind the attack would have the ability to access usernames and passwords. They could also record everything that is entered via the keyboard, execute remote commands and PowerShell.
How to protect ourselves from STRRAT Malware
As we have always said, the main and most important line of defense is one’s own criteria, since most cybercriminals need to have interaction with users in order to access their information, DO NOT BE FOOLED!!!
▸Protect your devices
Having an antivirus is essential since these are the first line of defense against all Internet threats but… there are many and of course some better than others, search and choose the one that best suits you.
▸Report and notify any suspicious activity
Notify any mail or message that seems strange, dangerous or malicious. Simply select the message, choose “options” and report to the company where our email account is registered.
▸Avoid identity theft
If you get to receive this kind of email, the best thing you can do is not answer the email, especially if it asks for personal data or that may violate our identity.
Also check:
AHK, the new malicious RAT distribution campaign
RAT is a very Dangerous Malware
Snip3 tool that enchances the dangerous RAT threat
Spear Phishing attempt of data theft
