Over the past year, the Astaroth infostealer trojan has evolved into one of today’s stealthiest malware strains, containing a slew of anti-analysis and anti-sandbox checks to prevent security researchers from detecting and analysing its operations. The malware has historically targeted Brazilian users ever since it was first spotted in the wild in September 2018.

IBM researchers were the first ones to detect and analyse the malware, followed by Cybereason, and then Microsoft, which analysed its evolution across two separate blog posts, in July 2019 and March 2020.

Astaroth now uses YouTube channel descriptions to hide the URL for its command and control (C2) servers.

Astaroth malware hides command and control (C&C) servers inside YouTube channel descriptions

The malware has continued to evolve into a dangerous threat. Luckily, it's only spreading in Brazil only, right now.https://t.co/b0AEY29Pbt pic.twitter.com/LRLCBhK4y6

— Catalin Cimpanu (@campuscodi) May 12, 2020

May 13, 2020

Niamh Muldoon

+ Follow Me - UnFollow Me

Senior Director of Trust and Security, EMEA

OneLogin

The return of this stealthy malware, Astaroth, is concerning. At the moment this trojan is only active in Brazil but if this method of concealing server URLs on YouTube spreads globally there could be serious numbers of infections. Any malware with the capability of infecting computers to collect data to be sold online is very worrying. In order to prevent attackers infiltrating deeper, both organisations and consumers alike need to implement MFA; hard tokens, biometrics or one-time passwords.....Read More

The return of this stealthy malware, Astaroth, is concerning. At the moment this trojan is only active in Brazil but if this method of concealing server URLs on YouTube spreads globally there could be serious numbers of infections. Any malware with the capability of infecting computers to collect data to be sold online is very worrying. In order to prevent attackers infiltrating deeper, both organisations and consumers alike need to implement MFA; hard tokens, biometrics or one-time passwords prevent 99.9% of account takeovers.  Read Less

Like(1)  (0)

×

Linkedin Message

@Niamh Muldoon, Senior Director of Trust and Security, EMEA, provides expert commentary at @Information Security Buzz.
"The return of this stealthy malware, Astaroth, is concerning...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-comments-on-astaroth-malware

Copy this message and share on your Linkedin profile. Thanks! COPY

×

Facebook Message

@Niamh Muldoon, Senior Director of Trust and Security, EMEA, provides expert commentary at @Information Security Buzz.
"The return of this stealthy malware, Astaroth, is concerning...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-comments-on-astaroth-malware

Copy this message and share on your Facebook profile. Thanks! COPY

Please login to comment.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *

Your Registered Email *

Notification Email (If different from your registered email)

* By using this form you agree with the storage and handling of your data by this web site.

SUBMIT

Thank you, your expert comments have been submitted for review.

×

Upload Content

Youtube Link  

Image  

---

Youtube Link (Ex: https://www.youtube.com/watch?v=eUxUUarTRW4 )

Add

Uploading the content. Please wait....

Submit

×