


Category: Malware

Type: Remote access trojan (RAT)

Platforms affected: Windows

Variants: STRRAT 1.2, 1.5, 1.6

Damage potential: Stolen credentials, keylogging, data exfiltration, backdoor capabilities


STRRAT is a Java-based remote access trojan. It collects login credentials from browsers and email services, steals passwords by recording keystrokes or extracting saved passwords from browsers, and sends all this data to its command and control servers.

STRRAT also mimics a ransomware attack by adding the “.crimson” extension to file names and dropping a fake ransom note, but this is just to deceive victims. STRRAT doesn’t encrypt files.

Possible symptoms

If you notice the “.crimson” extension on your files or find a note titled “crimson_info.txt”, you might suspect a STRRAT infection. Here are other possible symptoms:

  • Slower computer performance.
  • Unexpected restarts.
  • Unauthorized changes in system settings.
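The two file indicators named above can be checked for with a short script. This is an added example, not part of the original page: it looks for the “.crimson” extension and the “crimson_info.txt” note under a folder and, relying on the page's statement that the files are not encrypted, assumes that stripping the extension gives back the original name. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER_EXT = ".crimson"          # extension named on this page
NOTE_NAME = "crimson_info.txt"   # note file name given on this page

def scan(root):
    """Walk root; return (notes, renamed). renamed maps each '.crimson'
    file to the path it would have without the added extension."""
    notes, renamed = [], {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                renamed[path] = path.with_name(name[:-len(MARKER_EXT)])
    return notes, renamed

def restore_names(renamed, dry_run=True):
    """Strip the extension again. Never overwrite: if a file with the
    original name already exists, leave the renamed copy for manual review."""
    done, skipped = [], []
    for src, dst in sorted(renamed.items()):
        if dst.exists():
            skipped.append(src)
            continue
        if not dry_run:
            src.rename(dst)
        done.append(dst)
    return done, skipped

def demo():
    # Constructed sample tree, built in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.docx.crimson").write_text("sample")
        (root / "docs" / "notes.txt.CRIMSON").write_text("sample")
        (root / "docs" / "notes.txt").write_text("newer copy")
        (root / "crimson_info.txt").write_text("sample note")
        notes, renamed = scan(root)
        done, skipped = restore_names(renamed, dry_run=False)
        return len(notes), sorted(p.name for p in done), sorted(p.name for p in skipped)

if __name__ == "__main__":
    print(demo())
```

Renaming files back only undoes the cosmetic change; run it with `dry_run=True` first and only after the malware itself has been removed.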

Sources of infection

STRRAT typically infects devices through phishing emails that trick recipients into opening malicious attachments, such as Excel files.


Staying vigilant online is crucial to protecting your devices from STRRAT and similar threats.

  • Always be cautious about email attachments, especially from unknown senders.
  • Avoid downloading files or software from unofficial sources.
  • Scan downloads for malware with NordVPN’s Threat Protection.
  • Use a password manager instead of saving passwords in your browser.
  • Make sure your operating systems and software are updated.
  • Install a reputable antivirus solution.
  • Regularly back up important data.


Follow these steps to remove STRRAT from an infected device with antivirus software:

  • Disconnect from the internet to stop STRRAT from communicating with its command and control servers.
  • Run a full system scan and follow the software instructions to remove the malware.
  • Restart your device.
  • Change passwords for your online accounts.
  • If you’re unsure about the complete removal, consider getting professional help.