LTS Secure Warning: New Mal-Spam Campaign Identified Delivering Infostealer.Astaroth With Advanced Evasion Techniques
A new version of the Astaroth malware has surfaced again & is making use of native microsoft tools to evade common security solutions. Attackers are making use of Mal-Spam campaigns to target mostly users in Brazil & European countries.
The trojan makes it way on the compromised computer via .zip file contained in spam email. Once the .zip is downloaded & extracted, it presents an .lnk file, that upon pressing start the infection process. The process makes use of wmic.exe to initialize a XSL script processing attack. This allows the malware to communicate with a remote C&C server & send sensitive/personal information from the infected machine to attacker.
The XSL file additional consists of highly obfuscated code that has the ability to execute further malicious activity & assists the malware from being hidden from anti-viruses.
- Logs user’s keystrokes.
- Prevents operating system calls.
- Gather information saved to the clipboard.
- Steal sensitive/confidential information like login credentials of banking sites, cookies, etc.
- Never download any suspicious attachments or click on any shady-looking link.
- Take an effort to educate your users on how to identify a mail-spam.
- Try to avoid downloading and using any Freeware application.
- Always update your anti-virus software with the latest releases.
- Run a periodic Full system scan.