BankInfoSecurity Compliance @prajeetspeaks) • May 24, 2021 If the "Outgoing Payments" PDF is clicked, it downloads the StrRAT. (Source: Microsoft) Microsoft is warning about a spam campaign that uses an updated variant of Java-based StrRAT malware that steals confidential data while disguising itself as a ransomware infection even though it does not actually encrypt data. "This remote access Trojan is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," Microsoft's Security Intelligence Team said in a series of tweets on Thursday. The name extension prevents users from opening the file with a double click, enabling the attackers to go for a quick and easy extortion attempt, but Microsoft notes that users can remove the extension to recover their files.