Astaroth’s New Evasion Tactics Make It ‘Painful to Analyze’
Quote:The operators of the Astaroth infostealer have implemented several new tactics aimed at evading detection, which researchers say have made the malware “painful to analyze.”
 
Astaroth first emerged in 2017, but has steadily been used over the years in increasingly sophisticated campaigns aimed at exfiltrating sensitive data. In September, for instance, researchers with Cofense warned that the trojan was being spread via phishing emails, and was using normally trusted sources as a cover for malicious activities to evade usually effective network security layers.
 
More recent analysis of the infostealer has now emerged, after it was discovered at the heart of a spear-phishing campaign targeting Brazilians over the past nine months. The newest Astaroth samples show that the malware family is being updated and modified “at an alarming rate,” according to Cisco Talos researchers.
 
“Astaroth is evasive by nature and its authors have taken every step to ensure its success,” researchers Nick Biasini, Edmund Brumaghin and Nick Lister said in a Monday analysis. “They have implemented a complex maze of anti-analysis and anti-sandbox checks to prevent the malware from being detected or analyzed. Starting with effective and impactful lures, to layer after layer of obfuscation, all before any malicious intent was ever exposed.”

The most recent campaign is spreading Astaroth to Brazilian users in thousands of emails, written in Portuguese. Over the last six to eight months, these actors have leveraged a variety of different lures touching on several different topics, including the coronavirus pandemic (in messages pretending to be from the Ministry of Health for Brazil), or the status of victims’ Cadastro de Pessoas Físicas, a vital document in Brazil similar to Social Security cards in the United States.

Read more: https://threatpost.com/astaroths-evasion...ze/155633/