New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info

A new Astaroth Trojan campaign targeting Brazil and European countries is currently abusing both Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules.

According to Cybereason’s Nocturnus team, which discovered the new Astaroth strain, the malware, just like previous instalments, uses “legitimate, built-in Windows OS processes to perform malicious activities and deliver a payload without being detected”, but it also makes use “of well-known tools and even antivirus software to expand its capabilities.”

The Astaroth Trojan and information stealer was previously detected by Cofense as part of a malware campaign impacting Europe and especially Brazil, and it is known for abusing living-off-the-land binaries (LOLbins) such as the command line interface of the Windows Management Instrumentation Console (WMIC) to surreptitiously download and install malicious payloads in the background.

Source: Bleeping Computer