CyberNews Briefs

Microsoft warns about Astaroth malware campaign

Microsoft has uncovered a sophisticated new spam campaign that is pushing the information-stealing malware Astaroth. To avoid detection by anti-malware suites, the Astaroth Trojan is not attached directly to the spam messages but is distributed via malicious scripts that take advantage of legitimate Windows tools, a tactic known as living-off-the-land.

The spam emails contain a link to a URL where a .LNK shortcut file is being hosted. Interacting with this file will launch the Windows Management Instrumentation Command-line (WMIC) tool, which will then launch other Windows tools, one of which eventually downloads Astaroth onto the targeted device.

Living-off-the-land attacks, also referred to as fileless attacks, are increasingly popular among threat actors because they are more difficult to detect.
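The launch chain described above (a shortcut opened by the user, then WMIC, then further Windows tools) can be hunted for in process-creation telemetry. The following is an added example, not code from Microsoft or from this brief; the event tuples are constructed, and the watchlist of tool names is an assumption because the brief does not say which tools WMIC launches.

```python
from collections import defaultdict

# Assumed watchlist of built-in Windows tools; the article does not name the
# tools WMIC launches, so tune this set for your environment.
WATCHLIST = {"bitsadmin.exe", "certutil.exe", "regsvr32.exe"}

# Constructed process-creation events: (pid, parent pid, image name).
EVENTS = [
    (100, 1, "explorer.exe"),
    (210, 100, "cmd.exe"),        # shortcut target started from the user's shell
    (220, 210, "WMIC.exe"),
    (230, 220, "cmd.exe"),
    (240, 230, "bitsadmin.exe"),
    (400, 1, "services.exe"),
    (410, 400, "WMIC.exe"),       # service-run WMIC with no children: ignored
    (510, 100, "certutil.exe"),   # no WMIC in its lineage: ignored
]

def find_wmic_chains(events, watchlist=WATCHLIST, root="explorer.exe"):
    """Return [(wmic_pid, [watchlisted descendant images])] for WMIC processes
    that descend from the interactive shell and launch watchlisted tools."""
    image = {pid: img.lower() for pid, _, img in events}
    parent = {pid: ppid for pid, ppid, _ in events}
    children = defaultdict(list)
    for pid, ppid, _ in events:
        children[ppid].append(pid)

    def ancestors(pid):
        seen = set()
        while pid in parent and pid not in seen:   # stop on unknown parent or PID loop
            seen.add(pid)
            pid = parent[pid]
            yield image.get(pid)

    def descendants(pid):
        stack = list(children[pid])
        while stack:
            cur = stack.pop()
            yield image[cur]
            stack.extend(children[cur])

    hits = []
    for pid, img in image.items():
        if img == "wmic.exe" and root in ancestors(pid):
            tools = sorted(set(descendants(pid)) & watchlist)
            if tools:
                hits.append((pid, tools))
    return hits

print(find_wmic_chains(EVENTS))
```

On real telemetry, key processes on a per-host unique identifier (for example Sysmon's ProcessGuid) rather than the raw PID, since PIDs are reused.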


OODA Analyst
