Remote Access Trojan
STRRAT
First seen: 2020 • Status: active
Currently Active Threat
STRRAT pretends to be ransomware to scare victims, but it is really just stealing passwords while making you think your files are locked.
Overview
STRRAT is a Java-based RAT that masquerades as ransomware without actually encrypting files. It focuses on credential theft and keylogging.
Also Known As
Strigoi Master RAT
How It Spreads
- Phishing emails
- Malicious JAR attachments
- Office macros
What It Does
- Fake ransomware display
- Credential theft
- Keylogging
- Browser password theft
- Email credential theft
Target Platforms
Windows, macOS, Linux
Detection Tips
- Monitor Java process execution
- Check for fake ransom notes
- Analyze JAR file behavior
- Review browser credential access
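The first tip can be turned into a small triage rule over process-creation events, shown here as an added example that is not part of the original page: flag a Java runtime launching a JAR when its parent is a mail or Office application, or when the JAR sits in a user-writable folder. The event field names, process lists and path markers are assumptions for a Windows host, and the sample events are constructed.

```python
import ntpath
import shlex

# Assumed values for illustration; tune them to your own environment.
JAVA_BINARIES = {"java.exe", "javaw.exe"}
DELIVERY_PARENTS = {"outlook.exe", "thunderbird.exe", "winword.exe", "excel.exe"}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\")

def jar_argument(command_line):
    """Return the path that follows -jar, or None when no JAR is run."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps backslashes
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = command_line.split()
    tokens = [t.strip('"') for t in tokens]
    for flag, value in zip(tokens, tokens[1:]):
        if flag.lower() == "-jar":
            return value
    return None

def triage(event):
    """Return the reasons a process-creation event deserves a closer look."""
    if ntpath.basename(event["image"]).lower() not in JAVA_BINARIES:
        return []
    jar = jar_argument(event["command_line"])
    if jar is None:
        return []
    reasons = []
    parent = ntpath.basename(event["parent_image"]).lower()
    if parent in DELIVERY_PARENTS:
        reasons.append("java started by " + parent)
    if any(marker in jar.lower() for marker in USER_WRITABLE):
        reasons.append("JAR in user-writable path")
    return reasons

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE",
     "command_line": r'"C:\Program Files\Java\jre\bin\javaw.exe" -jar '
                     r'"C:\Users\a\AppData\Local\Temp\order form.jar"'},
    {"image": r"C:\Program Files\Java\jre\bin\java.exe",
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": r"java.exe -jar C:\Apps\Inventory\server.jar"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["command_line"], "->", triage(ev) or "no finding")
```

A hit is a reason to look closer, not a verdict: legitimate Java applications installed per-user will also match the path rule.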
MITRE ATT&CK Techniques
T1566, T1059, T1056, T1555, T1491
If You're Infected
1. Do not pay ransom - files are not encrypted
2. Remove STRRAT malware
3. Reset all passwords
4. Update Java or remove if not needed