Dismiss this notice
Ashampoo Photo Optimizer 7 New Year 2019 Giveaway-https://www.geeks.fyi/showthread.php?tid=4948

Dismiss this notice
MakeUSLaugh_HitmanPro.Alert New Year 2019 Giveaway- https://www.geeks.fyi/showthread.php?tid=4946

Dismiss this notice
Ashampoo Burning Studio 20 New Year 2019 Giveaway- https://www.geeks.fyi/showthread.php?tid=4947

Dismiss this notice
PowerISO New Year 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5170


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
This Trojan exploits antivirus software to steal your data
#1
Quote:New banking trojan malware getting ready for a global campaign, experts warn
A new strain of the Astaroth Trojan has been given the capability to exploit vulnerable processes in antivirus software and services.

Cybereason's Nocturnus Research team said in a blog post published on Wednesday that the variant is able to utilize modules in cybersecurity software in order to steal online credentials and personal data.  

 
In its latest form, Astaroth is being used in spam campaigns across Brazil and Europe, with thousands of infections recorded at the end of 2018. The malware spreads through .7zip file attachments and malicious links.

The cybersecurity researchers said the Trojan masquerades as a JPEG, .GIF, or an extensionless file to avoid detection when executed on a machine.

If a spam email or phishing messages prove successful and the file is downloaded and opened, the legitimate Microsoft Windows BITSAdmin tool is used to download the full payload from a command-and-control (C2) server.

After initializing, the malware launches an XSL script which establishes a channel with the C2 server. The script, which is obfuscated, contains functions to hide itself from antivirus software and is responsible for the process which leverages BITSAdmin to download payloads, including Astaroth, from a separate C2 server.

Source
[-] The following 2 users say Thank You to Toligo for this post:
  • harlan4096, silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Latest Threads
Marriott now lets you check if you’re a ...
Last Post: Toligo
Today 23:01
» Replies: 0
» Views: 16
How AI and machine learning can help you...
Last Post: Toligo
Today 22:58
» Replies: 0
» Views: 31
Five emerging cybersecurity threats you ...
Last Post: Toligo
Today 22:51
» Replies: 0
» Views: 22
Twitter has been storing your ‘deleted’ ...
Last Post: Toligo
Today 22:48
» Replies: 0
» Views: 14
Ransomware attackers exploit old plug-in...
Last Post: Toligo
Today 22:45
» Replies: 0
» Views: 18
Using Machine Learning to Detect Malware...
Last Post: Toligo
Today 22:44
» Replies: 0
» Views: 35
G DATA Security Blog_DeepRay foils cyber...
Last Post: jasonX
Today 18:34
» Replies: 0
» Views: 27
G DATA Security Blog_Emotet: G DATA expl...
Last Post: jasonX
Today 18:31
» Replies: 0
» Views: 26
G DATA Antivirus Software 2019
Last Post: jasonX
Today 18:23
» Replies: 0
» Views: 9
The hacking strategies that will dominat...
Last Post: Toligo
Today 17:37
» Replies: 0
» Views: 23
PC Game Giveaway: EMMA The Story
Last Post: sinanogz
Today 15:26
» Replies: 0
» Views: 28
Microsoft Edge, Google Chrome Will Be Ab...
Last Post: silversurfer
Today 10:15
» Replies: 0
» Views: 34
Google working on new Chrome security fe...
Last Post: silversurfer
Today 10:10
» Replies: 0
» Views: 35
[Official] MakeUSLaugh_HitmanPro.Alert N...
Last Post: jasonX
Today 07:17
» Replies: 14
» Views: 1056
Sandboxie updates
Last Post: silversurfer
Yesterday 22:32
» Replies: 3
» Views: 396
Mozilla to harden Firefox defenses with ...
Last Post: Toligo
Yesterday 22:21
» Replies: 2
» Views: 31
Vox Media targets YouTuber that parodied...
Last Post: Toligo
Yesterday 22:18
» Replies: 0
» Views: 37
Bank of Valleta Shuts Down Their Service...
Last Post: Toligo
Yesterday 22:06
» Replies: 0
» Views: 37
Coffee Meets Bagel Dating App Warns User...
Last Post: Toligo
Yesterday 22:01
» Replies: 0
» Views: 34
Astaroth Trojan Exploits Antivirus Softw...
Last Post: Toligo
Yesterday 21:54
» Replies: 0
» Views: 37

[-]
Staffs Online
There are no staff members currently online.