Dismiss this notice
Master PDF Editor Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6240

Dismiss this notice
Avast Premier Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6095

Dismiss this notice
Ashampoo Snap 10 Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6241

Dismiss this notice
Backup4all Professional Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6464


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
This Trojan exploits antivirus software to steal your data
#1
Quote:New banking trojan malware getting ready for a global campaign, experts warn
A new strain of the Astaroth Trojan has been given the capability to exploit vulnerable processes in antivirus software and services.

Cybereason's Nocturnus Research team said in a blog post published on Wednesday that the variant is able to utilize modules in cybersecurity software in order to steal online credentials and personal data.  

 
In its latest form, Astaroth is being used in spam campaigns across Brazil and Europe, with thousands of infections recorded at the end of 2018. The malware spreads through .7zip file attachments and malicious links.

The cybersecurity researchers said the Trojan masquerades as a JPEG, .GIF, or an extensionless file to avoid detection when executed on a machine.

If a spam email or phishing messages prove successful and the file is downloaded and opened, the legitimate Microsoft Windows BITSAdmin tool is used to download the full payload from a command-and-control (C2) server.

After initializing, the malware launches an XSL script which establishes a channel with the C2 server. The script, which is obfuscated, contains functions to hide itself from antivirus software and is responsible for the process which leverages BITSAdmin to download payloads, including Astaroth, from a separate C2 server.

Source
[-] The following 2 users Like Toligo's post:
  • harlan4096, silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Latest Threads
Try Out the Reader Mode in Microsoft’s N...
Last Post: silversurfer
Today 14:13
» Replies: 0
» Views: 27
Microsoft Brings a Key Security Feature ...
Last Post: silversurfer
Today 14:13
» Replies: 0
» Views: 26
PC Game Giveaway:Assassins Creed Unity
Last Post: sinanogz
Today 10:57
» Replies: 0
» Views: 23
LibreOffice 6.1.2
Last Post: JM Safe
Today 09:53
» Replies: 5
» Views: 197
WhatsApp Will Allow Users to Block Conve...
Last Post: JM Safe
Today 09:51
» Replies: 1
» Views: 30
Avast Blog_Security News: Facebook wants...
Last Post: harlan4096
Today 07:51
» Replies: 0
» Views: 25
Avast Blog_Tips & Advices: Are budget-tr...
Last Post: harlan4096
Today 07:49
» Replies: 0
» Views: 20
Emsisoft Anti-Malware named one of AVLab...
Last Post: harlan4096
Today 07:41
» Replies: 0
» Views: 47
Next generation antivirus: the future of...
Last Post: harlan4096
Today 07:38
» Replies: 0
» Views: 34
10 Chrome Extensions to Boost Your Onlin...
Last Post: harlan4096
Today 07:31
» Replies: 0
» Views: 22
Microsoft Announces Surface Hub 2S: 50-I...
Last Post: harlan4096
Today 07:26
» Replies: 0
» Views: 18
AMD 50th Anniversary Ryzen CPUs Listed A...
Last Post: harlan4096
Today 07:24
» Replies: 0
» Views: 15
The Huawei P30 & P30 Pro Reviews: Photog...
Last Post: harlan4096
Today 07:22
» Replies: 0
» Views: 25
Samsung Completes Development of 5nm EUV...
Last Post: harlan4096
Today 07:20
» Replies: 0
» Views: 24
TSMC Reveals 6 nm Process Technology: 7 ...
Last Post: harlan4096
Today 07:16
» Replies: 0
» Views: 19
8 ways in which Microsoft Edge (Chromium...
Last Post: harlan4096
Today 07:11
» Replies: 0
» Views: 24
Google to present browser and search cho...
Last Post: harlan4096
Today 07:09
» Replies: 0
» Views: 19
Ubuntu 19.04 is out
Last Post: harlan4096
Today 07:07
» Replies: 0
» Views: 17
Start Menu gets its own process and a pe...
Last Post: harlan4096
Today 07:04
» Replies: 0
» Views: 21
Microsoft explains how Dynamic Updates w...
Last Post: harlan4096
Today 07:02
» Replies: 0
» Views: 23

[-]
Staffs Online
There are no staff members currently online.