FYI: The Astaroth Trojan

February 22, 2019

You might have heard recently that the Astaroth Trojan is making a comeback. We break down what it is, why it’s making a comeback and more…

Despite having a name that makes it sound like a lost Michael Crichton novel of Swedish Death Metal, the Astaroth Trojan is a nasty piece of code. The trojan was first detected in 2017 after it was used in multiple South American cyber attacks.

Historically delivered by email and malicious attachments, the Trojan uses Windows Management Instrumentation Console and its command line interface (WMIC) to download and install its payload. It typically runs in non-interactive mode to hide what it’s doing from the end user.

To avoid detection, Astaroth hid in plain sight, using a seemingly safe domain with an additional URL snippet appended that points to its payload. Past versions, once installed, would scan for antivirus software. If antivirus was found on the endpoint, the malware would shut itself down.

This new version behaves differently. The Trojan’s payload typically disguises itself as a JPEG, a GIF or an extensionless attachment. Once downloaded and opened, the new Astaroth Trojan actually leverages antivirus software, specifically Avast Free Antivirus, to inject a malicious module into one of its processes. Once installed, the malware begins to log keystrokes, intercept operating system calls and gather other PII in order to steal credentials and passwords.
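The behaviour described above (WMIC used non-interactively to fetch a payload from a URL that looks like an image on an innocuous domain) gives defenders something concrete to hunt for in process-creation telemetry. The following is an added example, not code from the original post or from Cybereason: it scores constructed Sysmon-style events for wmic.exe launched with a URL argument, an image-named URL path that keeps going past the extension, a non-interactive switch, or an Office parent process. Field names, sample command lines and domains are all invented for illustration.

```python
import re

# Constructed Sysmon-style process-creation events (pipe-delimited key=value pairs).
# These are illustrative samples, not telemetry from a real Astaroth infection.
SAMPLE_EVENTS = [
    "Image=C:\\Windows\\System32\\wbem\\WMIC.exe|CommandLine=wmic os get caption|ParentImage=C:\\Windows\\System32\\cmd.exe",
    "Image=C:\\Windows\\System32\\wbem\\WMIC.exe|CommandLine=wmic /interactive:off process get name https://static.example-cdn.test/img/logo.jpg/extra|ParentImage=C:\\Windows\\System32\\cmd.exe",
    "Image=C:\\Program Files\\Browser\\browser.exe|CommandLine=browser.exe https://www.example.test/|ParentImage=C:\\Windows\\explorer.exe",
    "Image=C:\\Windows\\System32\\wbem\\WMIC.exe|CommandLine=wmic /interactive:off product get name|ParentImage=C:\\Windows\\System32\\winword.exe",
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# An image extension that is followed by more path, e.g. .../logo.jpg/extra
IMAGE_THEN_MORE_PATH_RE = re.compile(r"\.(jpe?g|gif)/", re.IGNORECASE)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

def parse_event(line):
    """Split one pipe-delimited key=value event line into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields

def score_event(event):
    """Return the list of suspicious traits found for a wmic.exe launch (empty otherwise)."""
    reasons = []
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if image != "wmic.exe":
        return reasons
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    urls = URL_RE.findall(cmd)
    if urls:
        reasons.append("wmic.exe invoked with a URL argument")
        if any(IMAGE_THEN_MORE_PATH_RE.search(u) for u in urls):
            reasons.append("image-named URL path continues past the extension")
    if "/interactive:off" in cmd.lower():
        reasons.append("non-interactive mode requested")
    if parent in OFFICE_PARENTS:
        reasons.append(f"spawned by {parent}")
    return reasons

def find_suspicious(lines, min_reasons=2):
    """Return events that accumulate at least min_reasons suspicious traits."""
    hits = []
    for line in lines:
        event = parse_event(line)
        reasons = score_event(event)
        if len(reasons) >= min_reasons:
            hits.append({"command": event.get("CommandLine"), "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit["command"], "->", "; ".join(hit["reasons"]))
```

The threshold of two traits keeps routine administrative wmic usage (the first sample) out of the alert queue while still catching the URL-bearing and Office-spawned launches.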

Because Avast is one of the most widely used antivirus solutions on the planet, this could be a particularly nasty piece of malware.

The new variant was discovered by the fine folks that make up Cybereason’s Nocturnus Research team (also not a Death Metal band…I’m starting to see a trend here…hmmm…).

You can read more about Astaroth here (https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil) on Cybereason’s blog. We’ll keep you up to date if we hear anything else regarding Astaroth. Until then, if you’re using Avast we recommend you try something different. We personally recommend Cybereason’s EDR platform or CylancePROTECT.

Have anything you’d like to share regarding this topic? Let us know by leaving a comment.

Interested in learning more about Integris? Download our free Intelligence in Depth guide today!

Carl Keyser is the Content Manager at Integris.
