The notorious Windows malware Astaroth (aptly named after a demon baron of Hell found in occult cosmology) is back at it after several months of inactivity. Microsoft exposed its tactics last year, but the annoying malware is even harder to catch this time around—thanks to the clever methods it uses to conceal itself among seemingly normal files.

Astaroth’s new tactics include using Alternate Data Streams (ADS) to slip malicious code into a downloading file without your browser, operating system, or antimalware software ever noticing. Astaroth then uses legitimate Windows tools—such as ExtExport.exe, NirSoft MailPassView, BITSAdmin, and others—to execute its attacks.

It can use these tools to steal your email login credentials, send system information, and open your PC up to other forms of attack that can be extremely dangerous. And since these are legit tools, it will be hard—potentially impossible—for normal anti-virus software to block them.

How to protect yourself from Astaroth’s Windows malware

Given the severity and sophistication of Astaroth’s methods, Windows users need to take precautions against these attacks. Luckily, it doesn’t require anything excessive. Astaroth’s malware attacks almost always begin with an email (usually in Portuguese) that contains a link to a malicious file—typically a .ZIP that contains a .LNK file, which drops a JavaScript file into your Pictures folder when you (foolishly) execute it. And from there, the fun infection begins.

It’s practically common sense at this point, but you need to remain vigilant about what you download and click on, especially email links/attachments or random download links on unfamiliar websites. Using legit Windows tools to infect your PC is sneaky and uncommon, but a user still has to open a suspicious email, click on a link, and download a file for the malware-deploying software to show up on the PC in the first place.

In other words, if you weren’t expecting to receive a .ZIP, or a .LNK, or don’t even know what the latter is, don’t run it on your system. If you’ve downloaded it, delete it immediately—or, if you must check it out, at least run it in a virtual machine or a sandbox to shield your primary operating system from harm.
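For readers who want to check a PC for the two traces described above (data hidden in Alternate Data Streams, and script or shortcut files in the Pictures folder), here is an added PowerShell example; it is not from the original article or from Microsoft's report. The folder list, the extension list, the benign-stream allowlist, and the function names are assumptions chosen for illustration.

```powershell
# Added example: report named NTFS streams and script/shortcut files in user folders.
# Assumptions: which folders to scan and which stream names count as benign.
$folders = @(
    [Environment]::GetFolderPath('MyPictures'),
    (Join-Path $env:USERPROFILE 'Downloads')
)
# Zone.Identifier is the Mark-of-the-Web stream Windows adds to downloaded files.
$benignStreams = @('Zone.Identifier')
# File types named in the infection chain above (.LNK shortcut, JavaScript).
$scriptExtensions = @('.lnk', '.js', '.jse')

function Find-NamedStream {
    param([string[]]$Path, [string[]]$Allow)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $file = $_
                # -Stream * lists every stream; ':$DATA' is the file's normal content.
                Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                    Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $Allow } |
                    ForEach-Object {
                        [pscustomobject]@{
                            File   = $file.FullName
                            Stream = $_.Stream
                            Bytes  = $_.Length
                        }
                    }
            }
    }
}

function Find-ScriptFile {
    param([string[]]$Path, [string[]]$Extension)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension.ToLower() -in $Extension } |
            Select-Object FullName, Length, CreationTime
    }
}

'--- Named streams outside the allowlist ---'
Find-NamedStream -Path $folders -Allow $benignStreams | Format-Table -AutoSize
'--- Shortcut and script files in scanned folders ---'
Find-ScriptFile -Path $folders -Extension $scriptExtensions | Format-Table -AutoSize
```

A hit is a lead to inspect, not proof of infection: other software also writes named streams, and shortcuts in these folders can be perfectly ordinary. ADS exist only on NTFS volumes, so the stream check returns nothing on other file systems.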

Astaroth’s malware attacks aren’t the only thing Windows users need to look out for, especially in our current global circumstances. Numerous groups are taking advantage of the COVID-19 turmoil to dupe unsuspecting users into downloading fake virus-tracking apps and other scams. Since more people are now working from home or staying in to avoid contracting (or spreading) COVID-19, keeping your PC, mobile devices, and home network safe is almost as important as keeping yourself physically and mentally healthy.