
Astaroth Trojan

Posted: February 18, 2019

The Astaroth Trojan is spyware that uses advanced means of collecting information, including keyboard-typed data and passwords from various applications. Users should disable their network connections as soon as possible after an infection to keep the threat actor from collecting anything further. Users with high-quality anti-malware solutions can delete the Astaroth Trojan safely but still should change all logins and other security information that it already could have uploaded to the threat actor's server.

The Irony of a Trojan's Choice in Software Subversion

It's far from uncommon for threats of various stripes to use 'safe' software for their purposes, ranging from legitimate Bitcoin-mining applications to baseline parts of Windows like CMD. One information collector dating back to late 2018, however, takes that philosophy to a new level. The Astaroth Trojan, a spyware program that runs its attacks through modules, uses a varied handful of different utilities.

Although the Astaroth Trojan's boldness in its choice of software to take over is highly noteworthy, it uses those programs for otherwise-conventional features, by the standards of spyware. Malware analysts confirm the features below for the Astaroth Trojan, although it is still being updated and could add new ones through its modules:

  • The Astaroth Trojan includes a keylogging feature that records all the keystrokes that users type on their keyboard.
  • The Astaroth Trojan can hook into other processes, such as Web browsers, instant messengers, or e-mail clients, to capture additional information passing through them.
  • Copy-pasting isn't an adequate workaround, since this Trojan includes a feature for scavenging data from the Windows Clipboard.
  • The Astaroth Trojan also abuses NetPass, a free password-recovery utility, to collect Windows logins over LANs, the credentials of Outlook e-mail accounts and those of two Messenger programs.

The bulk of these attacks run via CMD, WMIC and a module injected into an Avast library. Users without Avast aren't safe, since malware analysts also see a 'failsafe' spyware routine that can run using different software if the Avast AV isn't on the system.
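One way a defender could hunt for the pattern just described (cmd.exe / wmic.exe activity combined with a module loaded into the Avast process from an unexpected path), as an added example that is not the article's or Avast's own code; the install directory, process and module names in the sample telemetry are constructed placeholders:

```python
# Added detection sketch (not from the original article): flags cmd.exe / wmic.exe
# activity together with a module loaded into an Avast process from an unexpected path.
import ntpath

AVAST_DIR = r"C:\Program Files\Avast Software\Avast"  # hypothetical install directory
# Where a module loaded by the Avast process is normally expected to come from.
TRUSTED_DIRS = [AVAST_DIR, r"C:\Windows\System32", r"C:\Windows\SysWOW64"]
LOLBINS = {"cmd.exe", "wmic.exe"}

def under(path, base):
    """True if path lies inside base (case-insensitive, Windows separators)."""
    path, base = (p.replace("/", "\\").lower().rstrip("\\") for p in (path, base))
    return path == base or path.startswith(base + "\\")

def suspicious_loads(events):
    """Image-load events where an Avast process loaded a module from outside TRUSTED_DIRS."""
    return [e for e in events if e["type"] == "image_load"
            and under(e["process"], AVAST_DIR)
            and not any(under(e["module"], d) for d in TRUSTED_DIRS)]

def lolbin_runs(events):
    """Process-creation events for cmd.exe / wmic.exe; weak alone, common in admin scripts."""
    return [e for e in events if e["type"] == "process"
            and ntpath.basename(e["image"]).lower() in LOLBINS]

def assess(events):
    """Both indicators -> 'high'; unexpected module alone -> 'medium'; LOLBins alone -> 'low'."""
    loads, runs = suspicious_loads(events), lolbin_runs(events)
    if loads and runs:
        return "high"
    if loads:
        return "medium"
    return "low" if runs else "none"

# Constructed sample telemetry (not real logs); file names are placeholders.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process", "image": r"C:\Windows\System32\wbem\wmic.exe"},
    {"type": "image_load", "process": AVAST_DIR + r"\avast_process_PLACEHOLDER.exe",
     "module": AVAST_DIR + r"\vendor_library_PLACEHOLDER.dll"},
    {"type": "image_load", "process": AVAST_DIR + r"\avast_process_PLACEHOLDER.exe",
     "module": r"C:\Users\victim\AppData\Local\Temp\injected_PLACEHOLDER.dll"},
]

if __name__ == "__main__":
    for e in suspicious_loads(SAMPLE_EVENTS):
        print("unexpected module in Avast process:", e["module"])
    print("assessment:", assess(SAMPLE_EVENTS))
```

Feed it real image-load and process-creation telemetry (for example from an EDR or Sysmon export) after mapping the fields to the same keys; a load from a user-writable directory into the security product's process is the stronger signal, and the LOLBin check only raises the severity.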

Giving Software Demons Their Due

Despite its being a sophisticated and high-level threat, various AV vendors include defenses and accurate database entries for detecting and countering the Astaroth Trojan. Avast's team also has announced an update to its software that rolls out new protections specific to this spyware, so that future attacks will be incapable of injecting the modules as the threat actor intends. However, the ongoing and frequently-updated campaign makes future tugs-of-war between the Trojan's authors and the cyber-security industry probable.

Users who believe their PCs are victimized by the Astaroth Trojan should disable network connections immediately. General-purpose Web connections could facilitate the Command & Control data transfers that let the Astaroth Trojan upload information or receive commands for new attacks, and LAN connections can facilitate the compromise of other Windows PCs. A dedicated anti-malware solution remains recommended for uninstalling the Astaroth Trojan despite its unique subversion of the Avast brand.

Most threats use some method of hiding themselves or sabotaging the security software that could counteract them. However, the Astaroth Trojan represents a remarkable shift towards more invasive programming that skilled threat actors could use to the public's detriment in the future.
