A massive hacking campaign is currently underway. Hackers send a multitude of different emails to their victims, hoping they open at least one. Inside is an attachment, as a PDF, which is actually malware capable of stealing passwords.
We cannot say it enough, always double-check before downloading an attachment sent by email. It is a technique as old as the world – at least, as the Internet – and yet it still works. After revealing that malware is currently attacking the aviation industry , Microsoft has discovered a huge mailing campaign aimed at stealing the passwords of its victims.
In these emails there is a systematic PDF file, which at first glance seems harmless, but which in fact hides a Trojan called StrRAT. The latter is vicious, since it is multitasking. Like Panda Steeler, it can therefore steal the identifiers in digital wallets. But that’s not all: it can also be used to take control of the infected machine, or even disguise itself as ransomware.
Hackers Trick Their Victim into Downloading The Malware
To ensure maximum success rate, hackers use mass social engineering. Thus, the campaign is not based on a single standard email, but on a multitude of addressing various topics, hoping one of them attracts the attention of the targeted people. Many imitate financial emails, such as announcing large payments or transfers .
Keep in mind, however, that the malware is only active when downloaded by the victim. Also, if the mail goes by the wayside, the machine will not be infected, and passwords and other information will remain safe. If an email with an attachment looks suspicious to you, then it probably is. Avoid downloading the file at all costs. Microsoft also specifies that its Defender antivirus can detect malware and protect the targeted PC.