Topic: Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks

Antus67

Tara Seals
September 13, 2019  12:06 pm

At every turn, the info-stealer uses legitimate services to get around normal email, endpoint and network defenses.

Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually effective email and network security layers.

The attack starts with an .HTM file attached to an email, according to Aaron Riley, researcher at Cofense. He noted in an analysis this week that the emails come in three “flavors” – an invoice theme, a show ticket theme and a civil lawsuit theme.

full article here: