Astaroth Banking Malware Runs Actively Targets Users In Brazil

The notorious banking trojan, known as the Astaroth malware, has resurfaced in recent campaigns, particularly targeting Brazilian users. As detected, the Astaroth malware is typically running spear phishing campaigns to target various corporate sectors in Brazil.

Astaroth Banking Malware Resurfaces In Brazil

Researchers from Trend Micro have shared insights about recently detected Astaroth malware activity in their post. As explained, the known banking trojan Astaroth has re-emerged as a cyber threat, particularly for users in Brazil.

Specifically, the recent campaign typically executes spear phishing attacks aimed at corporate users. According to Trend Micro, most attacks target government offices, manufacturing companies, retail firms, and healthcare, followed by others.

The attack begins when a potential victim receives a phishing email with maliciously crafted attachments. These emails often impersonate official communications, such as income tax documents, which the victim would likely open. Once done, the embedded malicious executable “mshta.exe” (an otherwise legit utility to run HTML applications) executes obfuscated JavaScript commands and establishes a connection with the C&C. It then not only steals data from the infected systems but also inflicts long-term damages to the victim firm, including reputational, operational, and financial losses.

The researchers dubbed this activity cluster “Water Maskara,” which typically exploits users’ naivety toward malicious emails. Hence, the best way to avoid this (and similar) attack is to never interact with unsolicited emails, regardless of how urgent they appear. Users must always double-check the authenticity of such emails by contacting the apparent sender via other means, such as phone.

Astaroth has been around for several years, making it to the news several times. For example, in 2019, this malware was found exploiting antivirus software. Likewise, in 2020, the malware YouTube channel descriptions to target users. Notably, like the recent campaign, both these Astaroth campaigns also specifically targeted Brazilian users.

Let us know your thoughts in the comments.

Related posts

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites

RomCom Exploits Zero Days In Recent Backdoor Campaigns