Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware | 7/8/2019 | Staff

Microsoft has lifted the lid on the inner workings of a particularly nasty piece of fileless malware that aims to pilfer user data without installing an executable on the victim's machine.

Dubbed Astaroth – the same name as the Great Duke of Hell in demonology – the software nasty has been in circulation since 2017 and has primarily been used to steal data from companies in South America and Europe via targeted attacks launched through spear-phishing.


What makes the infection unusual, says Microsoft Defender ATP research team member Andrea Lelli, is its ability to fly under the radar of traditional antivirus products by operating without ever installing an executable on the victim's machine.

"Astaroth is a notorious info-stealing malware known for stealing sensitive information like credentials, keystrokes, and other data, which it exfiltrates and sends to a remote attacker," Lelli explained today.


"The attacker can then use stolen data to try moving laterally across networks, carry out financial theft, or sell victim information in the cybercriminal underground."

Typically, the attack begins when a victim opens a link in a spear-phishing email. That link opens a shortcut file whose target is a command line; the command downloads and runs JavaScript code, and the JavaScript in turn pulls down and runs two DLL files that do the dirty work of logging and uploading the victim's information while disguised as a legitimate system process.


This procedure is highly effective against traditional signature-based detection tools because, throughout the process, nothing...
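Because the chain described above is built from a shortcut, a shell command, a script host and DLLs rather than a new executable a scanner could hash, catching it means looking at behaviour: who launched the script host, and what it loaded afterwards. The following is an added example, not code from the article or from Microsoft. It reconstructs a process tree from a handful of constructed Sysmon-style events (process-creation and image-load records, hand-written here for illustration) and flags a script host that was started through explorer.exe, i.e. by a user opening something, and then loaded a DLL from a user-writable directory. It assumes the JavaScript runs under the Windows Script Host (wscript.exe or cscript.exe); the article does not say which host the real chain uses. The file names, pids and directory markers are all assumptions made up for the example.

```python
"""Behaviour-based detection sketch for the shortcut -> command -> JavaScript -> DLL chain.

Added example (not the article's or Microsoft's code). The events below are
constructed; field names loosely follow Sysmon (Image, ParentProcessId,
ImageLoaded) but nothing here was captured from a real host.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Processes that run JavaScript/VBScript outside a browser on Windows.
# Assumption: the chain uses the Windows Script Host; add other hosts as needed.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# A DLL loaded from one of these locations was almost certainly written at
# runtime by a normal user rather than shipped with Windows.  Heuristic only.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str                                   # full path of the executable
    cmdline: str
    dlls: list[str] = field(default_factory=list)  # ImageLoaded paths seen for this pid


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def build_tree(events: list[dict]) -> dict[int, Proc]:
    """Index process-creation events by pid and attach image loads to them."""
    procs: dict[int, Proc] = {}
    for ev in events:
        if ev["type"] == "process_create":
            procs[ev["pid"]] = Proc(ev["pid"], ev["ppid"], ev["image"], ev["cmdline"])
        elif ev["type"] == "image_load" and ev["pid"] in procs:
            procs[ev["pid"]].dlls.append(ev["image_loaded"])
    return procs


def ancestry(procs: dict[int, Proc], pid: int) -> list[Proc]:
    """Walk from a process up to the root of the recorded tree."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid])
        pid = procs[pid].ppid
    return chain


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def detect(events: list[dict]) -> list[dict]:
    """Flag script hosts launched via explorer.exe that loaded a DLL from a user-writable path."""
    procs = build_tree(events)
    findings = []
    for proc in procs.values():
        if basename(proc.image) not in SCRIPT_HOSTS:
            continue
        images = [basename(p.image) for p in ancestry(procs, proc.pid)]
        # explorer.exe in the ancestry means the user opened something (e.g. the
        # shortcut); a script host started by a service has a different parent.
        if "explorer.exe" not in images:
            continue
        for dll in proc.dlls:
            if is_user_writable(dll):
                findings.append({"pid": proc.pid,
                                 "chain": " -> ".join(reversed(images)),
                                 "dll": dll})
    return findings


# Constructed events.  pids, paths and file names are invented for the example.
EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 4,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    # The user opens the shortcut; explorer runs its target, a cmd one-liner.
    # (The download step of the real chain is not modelled here.)
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c wscript.exe "C:\Users\alice\AppData\Local\Temp\invoice.js"'},
    {"type": "process_create", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\invoice.js"'},
    {"type": "image_load", "pid": 300, "image_loaded": r"C:\Windows\System32\jscript.dll"},
    {"type": "image_load", "pid": 300, "image_loaded": r"C:\Users\alice\AppData\Local\Temp\stage1.dll"},
    {"type": "image_load", "pid": 300, "image_loaded": r"C:\Users\alice\AppData\Local\Temp\stage2.dll"},
    # Benign control: a logon script run by the scheduler service, system DLLs only.
    {"type": "process_create", "pid": 400, "ppid": 4,
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs -s Schedule"},
    {"type": "process_create", "pid": 500, "ppid": 400,
     "image": r"C:\Windows\System32\cscript.exe", "cmdline": r"cscript.exe C:\Scripts\logon.vbs"},
    {"type": "image_load", "pid": 500, "image_loaded": r"C:\Windows\System32\vbscript.dll"},
]

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The benign control matters: a script host by itself is common on managed Windows estates, so the rule keys on the combination of an interactive parent chain and a DLL from a location the user can write to, which is exactly the part of the chain a file-hash signature never sees.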
(Excerpt)