Cybereason has released an update regarding the recent re-emergence of the Astaroth Trojan. You can read it here.
I wrote briefly about the subject on February 22nd. You can read that blog article here: fyi-the-astaroth-trojan.
Attack highlights include:
1. The Astaroth Trojan spam campaign is a Trojan most recently used to steal passwords
and personal information from individuals in Brazil.
2. Brazil is a major contributor to global cybercrime that continues to have a plethora of
new, nefarious activities targeting individuals.
3. The Astaroth Trojan disguises its payload as JPEG, GIF, and extension-less files to avoid
detection.
4. The campaign exploits legitimate operating system processes as well as security vendor
products from companies like Avast and GAS Tecnologia to gain information about the
target machine and steal password information, as well as keystate information and
clipboard usage.
5. Full research on the latest Astaroth Trojan variant can be found here.
If you’ve got any questions please feel free to contact us. If you’ve got any thoughts or comments please feel free to leave them in the comment section below.
If you haven’t subscribed to our weekly newsletter please use the CTA in top right hand corner of the page.