February 22, 2019

You might of heard recently that the Astaroth Trojan is making a comeback. We break down what it is, why it’s making a comeback and more…

Despite having a name that makes it sound like a lost Michael Crichton novel of Swedish Death Metal, the Astaroth Trojan is a nasty piece of code. The trojan was first detected in 2017 after it was used in multiple South American cyber attacks.

Historically solicited by email and corrupt attachments, the Trojan uses Windows Management Instrumentation Console and its command line interface to download and instal its payload. Typically its used a non-interactive mode to hide what it’s doing from the enduser.

To avoid detection Astaroth hid in plain site, using a seemingly safe domain with an additional URL snippet added on that points to its payload. Past versions, upon being installed would scan for antivirus software. If antivirus was found on the endpoint the malware would shut itself down.

This new version behaves differently. The Trojan’s payload typically disguises itself as a JPEG, GIF or an extension-less attachment. Once downloaded and opened, the new Astaroth Trojan actually leverages antivirus software, specifically Avast Free Antivirus, to inject a malicious module into one of its processes. Upon installation the malware begins to log keystrokes, intercept operating system calls and gather other PII info to steal credentials and passwords.

Because Avast is one of the most used antivirus solutions on the planet, this could be a particularly nasty piece of Malware.

The new variant was discovered by the fine folk that make up Cybereason’s Nocturnus Research team (also not a Death Metal band…I’m starting to see a trend here…hmmm…).

You can read more about Astaroth here (https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil) on Cybereason’s blog. We’ll keep you up to date if we hear anything else regarding Astaroth. Until then, if you’re using Avast we recommend you try something different. We personally recommend Cybereason’s EDR platform or CylancePROTECT.

Have anything you’d like to share regarding this topic? Lets us know by leaving a comment.

Interested in learning more about Integris? Download our free Intelligence in Depth guide today!

Carl Keyser is a Digital Marketing Specialist at Integris.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...