As originally reported by TheRecord, Microsoft analysts are warning of a recent resurgence of STRRAT, a Java-based backdoor distributed via malspam carrying malicious PDF attachments. STRRAT is a typical credential stealer with the addition of custom shell/PowerShell command execution. The RAT also lets attackers install RDWrap, an open-source RDP session tool. It additionally renames file extensions on the system to “.crimson”, but it does not encrypt the files; renaming the files back undoes the change.

As an added defender-side example (not from the report or from Microsoft's analysis), the following Python routine detects files carrying the “.crimson” suffix and restores them by stripping it, skipping any file whose original name already exists so nothing is overwritten. It assumes the suffix is appended to the original file name; the sample directory tree it builds is constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# STRRAT renames files with a ".crimson" extension without encrypting the
# contents, so recovery is simply removing the appended suffix (assumption:
# the suffix is appended to the original name, e.g. report.docx.crimson).
CRIMSON_SUFFIX = ".crimson"

def find_crimson_files(root):
    """Detection signal: every file under root whose name ends with .crimson."""
    return sorted(p for p in Path(root).rglob("*" + CRIMSON_SUFFIX) if p.is_file())

def restore_crimson_files(root, dry_run=False):
    """Strip the .crimson suffix. Returns (restored, skipped) lists of Paths.
    A file is skipped if the restored name already exists or would be empty."""
    restored, skipped = [], []
    for path in find_crimson_files(root):
        stem = path.name[:-len(CRIMSON_SUFFIX)]
        if not stem or path.with_name(stem).exists():
            skipped.append(path)
            continue
        target = path.with_name(stem)
        if not dry_run:
            path.rename(target)
        restored.append(target)
    return restored, skipped

def demo():
    """Constructed sample tree (not real STRRAT output): two renamed files,
    one collision with a still-present original. Returns comparable tuples."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.docx.crimson").write_text("not encrypted")
        (root / "notes.txt.crimson").write_text("plain text still readable")
        (root / "budget.xlsx.crimson").write_text("renamed copy")
        (root / "budget.xlsx").write_text("original already present")
        restored, skipped = restore_crimson_files(root)
        return (
            sorted(p.relative_to(root).as_posix() for p in restored),
            sorted(p.relative_to(root).as_posix() for p in skipped),
            len(find_crimson_files(root)),  # leftovers needing manual review
        )

if __name__ == "__main__":
    print(demo())
```
<test>
assert demo()[0] == ["docs/report.docx", "notes.txt"]
assert demo()[1] == ["budget.xlsx.crimson"]
assert demo()[2] == 1
</test>
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in