Cybersecurity: Microsoft warns users against new malware mining personal information

*The tech giant cautions consumers who receive a suspicious e-mail should not click on any attachments as the new malware tries to lure recipients into opening what appear to be PDF attachments in e-mail blasts

*Microsoft announces it will officially end support for its Internet Explorer browser next June

Gbenga Kayode | ConsumerConnect

Microsoft Incorporation is currently alerting users to a huge malware campaign that can steal data and stage fake ransomware attacks.

The reported malware tries to lure recipients into opening what appear to be PDF attachments in e-mail blasts, agency report stated.

The global tech giant, however, disclosed when victims click on those attachments, they wind up downloading a malware variant called StrRAT.

Types of malware   Photo: Comtact

Microsoft’s Security Intelligence Team tweeted that StrRAT’s job is to confuse a computer’s operating system and gain access to browser passwords, log keystrokes, and run remote commands.

Running remote commands can be quite the plaything for a hacker.

It allows them to run willy-nilly through a user’s computer, harvesting sensitive information that can range from email credentials to data stored in internet browsers.

In connection with the attack sequence to watch out for, Microsoft noted in following the malware’s trails, Threatpost was able to determine what the malware’s attack sequence is. It plays out like this:

To start, attackers have been known to use compromised email accounts to send several different emails.

To date, the messages disguise the sender as someone who is a supplier or has something to do with the payment of goods or services.

Some of the messages use the subject line “Outgoing Payments.” Others refer to specific payments supposedly made by the “Accounts Payable Department.”

Still others say “your payment has been released as per attached payment advice” and asks the recipient to verify adjustments made in the attached PDF.

That PDF, if clicked, is where the trouble starts. The malware is downloaded to the user’s computer and the hackers are off to the races gathering all the data they can mine.

While extortion is not the primary idea behind the attack, reports are circulating that the hackers may also try to make a quick buck off users by disguising their attack as a form of ransomware, said the report.

On how to guard against the malware attack, the tech giant said that its Microsoft 365 Defender delivers “coordinated defense against this threat” and can protect users against malicious emails after they’re detected.

The company’s Security Intelligence Team has also published what it knows on GitHub so others who deal with computer security can identify indicators of malicious behaviors related to StrRAT before they do any damage.

Microsoft to drop support for Internet Explorer

In a related development, Microsoft has announced that it will officially end support for its Internet Explorer browser next June.

The company is encouraging users to switch to its newer browser, Microsoft Edge.

The company in a blog post Wednesday, May 19 highlighted the myriad benefits of transitioning to Microsoft Edge.

According to Microsoft, these benefits include enhanced security, speed, and compatibility with a greater range of Web sites.

It stated: “The future of Internet Explorer on Windows 10 is in Microsoft Edge.”

“Not only is Microsoft Edge a faster, more secure and more modern browsing experience than Internet Explorer, but it is also able to address a key concern: compatibility for older, legacy websites and applications.”

Microsoft Edge has Internet Explorer mode (“IE mode”) built in, so users will still be able to access Explorer-based websites and apps from the newer browser, it disclosed. That said, Microsoft said it’s officially pulling the browser out of service next summer.

It further wrote that “with Microsoft Edge capable of assuming this responsibility and more, the Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10.”

In term of the upgrade, Microsoft reportedly has been moving closer to making this announcement for some time.

In 2020, the tech giant said its Microsoft 365 apps suite would no longer support Internet Explorer 11 as of August 17, 2021.

The company touted the various benefits of switching to Edge and said users would “get the most out of Microsoft 365” by switching to its newer browser.

It said it’s committed to helping make the transition to Edge “as smooth as possible.” In its Wednesday blog post, Microsoft said users will find that it’s easy to move all of their passwords and data over to the new browser.

The company stated: “We’ve also aimed to make the upgrade to Microsoft Edge simple. Once you’ve opted in to moving to Microsoft Edge, it’s easy to bring over your passwords, favorites and other browsing data from Internet Explorer in a few clicks.

“And if you run into a site that needs Internet Explorer to open, Microsoft Edge has Internet Explorer mode built-in so you can still access it.”

Kindly Share This Story