According to a report, Microsoft researchers recently spotted the Astaroth backdoor Trojan, which is back and now uses living-off-the-land techniques that make its attacks harder for most antimalware products to identify. The threat was detected by Windows Defender ATP (the commercial counterpart of the well-known free Windows Defender antivirus) during May and June 2019. The security research team used a detection algorithm built to catch one particular form of fileless attack. Let's have a look at the statement from the official Microsoft Defender ATP report.
“I was doing a standard review of telemetry when I noticed an anomaly from a detection algorithm designed to catch a specific fileless technique. Telemetry showed a sharp increase in the use of the Windows Management Instrumentation Command-line (WMIC) tool to run a script, indicating a fileless attack.”
Fileless Astaroth malware spreads via malicious email messages with links to malicious .lnk file
Microsoft's research team found that the attack, carried out by the Astaroth backdoor Trojan, begins with a massive spam campaign that sends out emails containing links to websites hosting a file with the .LNK extension. These malicious emails are sent to targeted users in order to steal their personal information. The tooling involved downloads additional code and passes the output of each stage on to the next.
The chain then downloads and runs the backdoor Trojan named Astaroth, which is designed to steal information, dump various credentials and upload the collected data to the attacker's remote server. Let's take a look at a further statement by Andrea Lelli about the malware.
“The Regsvr32 tool is then used to load one of the decoded DLLs, which in turn decrypts and loads other files until the final payload, Astaroth, is injected into the Userinit process.”
Major feature of Astaroth Backdoor Trojan: File-stealing feature
This malware was first detected in 2017 and came back in 2018. According to Microsoft researchers, the attackers behind this activity mainly target European and Brazilian users; this time 90% of infections were found in Brazil. The malware's main characteristic is its fileless operation: it runs automatically on the targeted system and steals files from the PC. Microsoft advises keeping PCs protected against this type of attack.