|Type of Malware||Fileless Malware, Info Stealing Malware|
|Date of Initial Activity||2017|
|Motivation||Information targeted includes financial data, sensitive browser data (passwords/credentials), SSH, and email credentials. Upon retrieval, the information is encrypted, then exfiltrated via an HTTPS POST to the attacker’s C2 server.|
Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques.
Originally, this malware variant targeted Brazilian users, but Astaroth now targets users in both North America and Europe.
Tools/Techniques Used
Impact / Significant Attacks
Astaroth Trojan malware has resurfaced in South America, with more than 8,000 machines attacked in just one week.