The Microsoft Security Intelligence team said the STRRAT campaign is using a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments.
“Attackers used compromised email accounts to launch the email campaign”, Microsoft said in a series of tweets last night.
“The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware.”
First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts.
According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that range from stealing credentials to tampering with local files.