  1. #1

    New Super Stealth Astaroth Malware Records Keystrokes
    by John Lister, Infopackets.com
    July 11, 2019

    Microsoft has warned users about a complicated but cunning malware attack that might not be caught by all security tools. The "Astaroth" malware doesn't actually exist as a file in its own right.

    The main risk to users from Astaroth is that it includes a keylogger. This means it can access everything victims type, including passwords and other sensitive data. That's one of the reasons sites such as online banks often ask users to type specific characters (such as third and eighth) rather than an entire password.

    Malware Hides Within Windows
    What makes Astaroth so hard to detect is that it uses a technique dubbed "living off the land." It's a sophisticated and complicated approach, but in simple terms the malware doesn't have any executable files. Instead, it runs within legitimate Windows processes. (Source: medium.com)

    That's a big problem for many security tools that work by scanning computers and monitoring downloads to look for files that are either known to be malicious or show suspicious characteristics. Such tools don't usually interfere with Windows processes as this could affect the smooth running of a computer and deter people from using the security tools.

    The good news is that other anti-malware techniques can spot Astaroth, including Microsoft Defender ATP. That was previously a commercial product aimed at businesses but is now built into Windows 10 by default.

    Dubious Links Distribute Danger
    These techniques involve monitoring activity on the computer for signs of something amiss. A Microsoft spokesman said that "Some of the fileless techniques may be so unusual and anomalous that they draw immediate attention to the malware, in the same way that a bag of money moving by itself would." (Source: theinquirer.net)

    The way the malware gets onto computers in the first place is nothing new: it's spread by bogus emails that encourage users to click on a link to a file. In this case the file is in .LNK format, which is normally used for shortcuts to Windows applications, such as those that appear on a desktop. Once the .lnk file is clicked, it downloads the malware.
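
Added example, not part of the original post or the Infopackets article: a mail-gateway style check that flags messages linking to or carrying a Windows shortcut (.lnk), the delivery vehicle described above. It goes beyond the article by also looking inside zip attachments; the function names and the sample message (hosts, file names) are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import unquote, urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_lnk(name):
    # Windows drops trailing dots and spaces, so "x.lnk." still opens as a shortcut.
    return unquote(name).rstrip(". ").lower().endswith(".lnk")

def lnk_findings(raw_bytes):
    """Return sorted (kind, value) pairs for each .lnk a message links to or carries."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                if is_lnk(urlparse(url).path):
                    found.add(("link", url))
        elif name and is_lnk(name):
            found.add(("attachment", name))
        elif name and name.lower().endswith(".zip"):
            try:
                members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
            except zipfile.BadZipFile:
                continue  # unreadable archive: nothing to list
            found.update(("zip member", m) for m in members if is_lnk(m))
    return sorted(found)

def build_sample():
    """Constructed message: a benign link, a link to a .lnk, and a zip holding a .lnk."""
    msg = EmailMessage()
    msg.set_content("Details: https://example.com/help")
    html = '<a href="https://files.example.net/docs/Invoice%2Elnk?id=7">View invoice</a>'
    msg.add_alternative(html, subtype="html")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("scan/Receipt.LNK", b"constructed placeholder bytes")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="receipt.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(lnk_findings(build_sample()))
```

The URL path is percent-decoded before the extension test, so an encoded dot such as `%2E` in the link does not hide the `.lnk` suffix.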

  2. #2

    Re: New Super Stealth Astaroth Malware Records Keystrokes

    Moral of this story:

    1. Be careful about clicking on links in emails unless you are sure you know who the email comes from.
    2. Since many emails spoof banking sites, Revenue Canada (or the IRS), Microsoft, etc., instead of clicking on those links go directly to the site.
