Over the past year, the Astaroth infostealer trojan has evolved into one of today’s stealthiest malware strains, containing a slew of anti-analysis and anti-sandbox checks to prevent security researchers from detecting and analysing its operations. The malware has historically targeted Brazilian users ever since it was first spotted in the wild in September 2018.
IBM researchers were the first ones to detect and analyse the malware, followed by Cybereason, and then Microsoft, which analysed its evolution across two separate blog posts, in July 2019 and March 2020.
Astaroth now uses YouTube channel descriptions to hide the URL for its command and control (C2) servers.
https://twitter.com/campuscodi/status/1260058068232146950
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.