Stop opening PDF files you receive in shady emails, Microsoft’s Security Intelligence discovers malware hidden in them

If you have a habit of impulsively opening PDFs attached to emails that look shady at best, stop doing that now. Microsoft Security Intelligence has identified an email campaign in which attackers distribute a remote access Trojan to people who open attachments without a second thought.

According to Microsoft Security Intelligence, the campaign uses what look like PDF attachments as bait. When the attachment is opened, it fetches StrRAT, a Java-based remote access Trojan that harvests browser-saved passwords and other credentials from the victim's machine. StrRAT also ships a fake ransomware module: it poses as ransomware without actually encrypting anything.

That fake ransomware module renames the victim's files by appending a .crimson extension but leaves their contents untouched, so removing the extension restores them. The lure itself is usually not a PDF at all: the attachment is an image named with a .PDF ending, which is often enough to fool users into opening it. When opened, the image posing as a benign PDF connects to a malicious domain "to download the StrRAT malware." Microsoft Security Intelligence notes that the attackers sent the campaign from compromised email accounts, and that nearly all of the emails use social engineering around payment receipts that look innocuous to most people.
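The two file-level tricks in the paragraph above, an image carrying a .PDF name and files renamed with .crimson but not encrypted, can both be caught by looking at file contents rather than file names. The following Python is an added triage example written for this page, not code from Microsoft or from the StrRAT analysis; the sample byte strings are constructed stand-ins (a minimal PDF header, a PNG header, a ZIP header, and a flat byte histogram standing in for ciphertext), and the 7.5 bits/byte entropy threshold is an assumed heuristic, not a published indicator.

```python
"""Content-based triage for attachments and for files renamed by StrRAT's fake ransomware.

Added example: checks file signatures ("magic bytes") and Shannon entropy instead of
trusting the filename. Thresholds and sample data below are constructed for illustration.
"""
import math
from collections import Counter
from typing import Optional

# Leading bytes that identify common container formats.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"PK\x03\x04": "zip",  # also .jar, .docx, .xlsx
}

# Assumed heuristic: well-encrypted data sits near 8.0 bits/byte; documents are far lower.
ENCRYPTED_ENTROPY_THRESHOLD = 7.5


def sniff_type(data: bytes) -> Optional[str]:
    """Return the format implied by the file signature, or None if unrecognised."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the whole buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def check_attachment(name: str, data: bytes) -> dict:
    """Flag attachments whose .pdf name does not match what the bytes say they are."""
    claimed = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    actual = sniff_type(data)
    # The lure described in the article: an image (png/jpeg/gif) carrying a .PDF name.
    masquerading = claimed == "pdf" and actual is not None and actual != "pdf"
    return {"name": name, "claimed": claimed, "actual": actual, "masquerading": masquerading}


def check_crimson(name: str, data: bytes) -> dict:
    """Decide whether a .crimson file was merely renamed (StrRAT behaviour) or really encrypted.

    A surviving signature plus document-like entropy means the bytes are intact and
    stripping the extension recovers the file. No signature plus near-random entropy
    means the content was actually transformed and a rename will not help.
    """
    if not name.lower().endswith(".crimson"):
        raise ValueError("not a .crimson file: %s" % name)
    restored_name = name[: -len(".crimson")]
    sniffed = sniff_type(data)
    entropy = shannon_entropy(data)
    rename_only = sniffed is not None and entropy < ENCRYPTED_ENTROPY_THRESHOLD
    return {
        "restored_name": restored_name,
        "sniffed": sniffed,
        "entropy": round(entropy, 2),
        "rename_only": rename_only,
    }


# Constructed sample inputs (not real campaign artefacts).
FAKE_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 20
FAKE_DOCX = b"PK\x03\x04" + b"\x00" * 26 + b"word/document.xml"
CIPHERTEXT_LIKE = bytes(range(256)) * 4  # flat histogram: exactly 8.0 bits/byte


if __name__ == "__main__":
    print(check_attachment("payment_receipt.PDF", FAKE_PNG))   # image posing as a PDF
    print(check_attachment("invoice.pdf", FAKE_PDF))           # genuine PDF header
    print(check_crimson("Q2_report.docx.crimson", FAKE_DOCX))  # renamed only: recoverable
    print(check_crimson("photo.jpg.crimson", CIPHERTEXT_LIKE)) # really transformed
```

Run it against a quarantined mailbox export or a directory of renamed files; anything reported as `masquerading` is worth detonating in a sandbox, and anything reported as `rename_only` can be restored by dropping the .crimson suffix once the host is clean. Formats not in the signature table come back as `None` and are deliberately treated as unconfirmed rather than as encrypted.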

The StrRAT build used in this campaign is version 1.5, which Microsoft describes as "notably more obfuscated and modular than previous versions." Its backdoor functionality, however, is unchanged from earlier versions: collecting browser passwords, running remote commands and PowerShell on the Windows host, and logging keystrokes, among other things. Once installed on a Windows machine, StrRAT connects to its command-and-control (C2) server to fetch the additional components it needs.

It is only sensible, then, to tread cautiously with shady emails and not to click on an attachment straight away. A little scepticism may be all that stands between your computer and personal data and a campaign like this one.

Microsoft says Microsoft 365 Defender protects against this threat by blocking it on endpoints using machine learning-based detections. It has also published advanced hunting queries on GitHub, which are search queries defenders can run over the telemetry Defender collects, to "help defenders locate indicators and malicious behaviours related to StrRAT and similar threats in their environments."