The Astaroth malware, a notorious banking trojan, has reappeared in recent campaigns, with a specific focus on targeting Brazilian users. The malware is known for running spear phishing attacks to infiltrate various corporate sectors in Brazil.
Astaroth Banking Malware Strikes Again in Brazil
Trend Micro researchers have shed light on the resurgence of Astaroth malware in a recent post. The banking trojan Astaroth poses a significant cyber threat, especially to users in Brazil.
The latest campaign primarily targets corporate users through spear phishing attacks. Trend Micro notes that government offices, manufacturing companies, retail firms, and healthcare organizations are among the top targets.
The attack commences with a phishing email containing malicious attachments that often masquerade as official documents, such as income tax statements. When the victim opens these attachments, the embedded malicious executable “mshta.exe” runs obfuscated JavaScript commands and establishes a connection with the command and control server. This leads to data theft and significant harm to the victim organization, including reputational and financial losses.
The researchers have named this campaign cluster “Water Makara.” It exploits users’ vulnerability to deceptive emails. To prevent such attacks, users should refrain from engaging with unsolicited emails and verify their authenticity through alternate communication channels, such as phone calls.
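On the detection side, the mshta.exe step described above leaves a trace in process-creation logs. The following is an added example, not code from this article or from Trend Micro: it triages constructed events that use Sysmon Event ID 1 field names, and its three rules (script passed inline, content fetched from a URL, a binary named mshta.exe outside the Windows system directories) are assumptions about what a defender would want to review.

```python
import ntpath
import re

# Constructed process-creation events using Sysmon Event ID 1 field names.
# None of these values come from the Trend Micro report.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe javascript:/*constructed placeholder*/close()"},
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "CommandLine": "mshta.exe https://files.example.invalid/x.hta"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\a\javascript-notes.txt"},
    {"Image": r"C:\Users\a\Downloads\mshta.exe",
     "CommandLine": r'"C:\Users\a\Downloads\mshta.exe"'},
]

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
INLINE_SCRIPT = re.compile(r"\b(?:javascript|vbscript):", re.I)
REMOTE_URL = re.compile(r"\bhttps?://", re.I)

def arguments(cmdline):
    """Return the command line without its first token (the program)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].partition('"')[2].strip()
    return cmdline.partition(" ")[2].strip()

def triage(event):
    """Return the reasons an event deserves review; empty list if none."""
    image = event["Image"].lower()
    if ntpath.basename(image) != "mshta.exe":
        return []
    reasons = []
    if ntpath.dirname(image) not in SYSTEM_DIRS:
        reasons.append("unexpected-path")   # name reused outside system dirs
    args = arguments(event["CommandLine"])
    if INLINE_SCRIPT.search(args):
        reasons.append("inline-script")     # script passed on the command line
    if REMOTE_URL.search(args):
        reasons.append("remote-url")        # HTA content fetched over HTTP(S)
    return reasons

def flagged(events):
    """Pair each suspicious event's index with its reasons."""
    return [(i, r) for i, r in ((i, triage(e)) for i, e in enumerate(events)) if r]

if __name__ == "__main__":
    for index, reasons in flagged(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["CommandLine"], reasons)
```

The third event, a local .hta file opened from a system copy of mshta.exe, is deliberately left unflagged, since legitimate HTA use exists and these rules are meant to narrow review rather than block.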
Astaroth has been active for several years, garnering attention for its various tactics. In 2019, the malware exploited antivirus software, while in 2020, it targeted users through YouTube channel descriptions. Notably, these campaigns, like the recent one, specifically targeted Brazilian users.