A new attack involving the notorious Astaroth banking Trojan, which is used to steal cryptocurrency credentials, is now underway, and cybersecurity researchers at McAfee have discovered that the Trojan exploited the GitHub platform for distribution. This is a worrying revelation that emphasises the increasing sophistication of cybercrime.
Known for its stealthy and persistent nature, the malware has evolved to make use of GitHub repositories as backup command-and-control centres whenever its primary servers are taken down, thus enabling it to continue operating even under takedown attempts on its primary servers.
A McAfee study found that the campaign is mostly spread through deceptive emails that lure unsuspecting recipients into downloading malicious Windows shortcut (.lnk) files.
It is believed that the Astaroth malware is silently installed by these malicious files; once they are executed, they entrench themselves deeply in the victim’s system.
As the Trojan runs quietly in the background, it employs advanced keylogging techniques so that it can steal banking and cryptocurrency credentials, transmitting the stolen information to the attackers’ remote infrastructure via the Ngrok reverse proxy.
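The two observable stages described above, a shortcut file opened from a mail download and outbound traffic to an Ngrok tunnel, can be turned into simple detection heuristics. The following is an added example, not McAfee's or the article's own code; the Sysmon-style field names, the drop-directory paths and the Ngrok domain suffixes are assumptions to adapt to your own telemetry.

```python
"""Heuristics for the delivery and exfiltration stages of the campaign above."""
import json
from typing import Optional

# Sysmon-style event IDs (assumed): 1 = process create, 22 = DNS query.
PROCESS_CREATE, DNS_QUERY = 1, 22
# Domain suffixes used by Ngrok tunnels (assumed list; extend from your own data).
NGROK_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")
# Script hosts and shells commonly launched by a malicious shortcut (assumed set).
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Typical mail-attachment / download locations on Windows (assumed paths).
USER_DROP_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\inetcache\\")


def classify(event: dict) -> Optional[str]:
    """Return a finding label for one event, or None if nothing matched."""
    if event.get("EventID") == PROCESS_CREATE:
        image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
        parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
        ctx = (event.get("CommandLine", "") + " " + event.get("CurrentDirectory", "")).lower()
        # A double-clicked shortcut runs under explorer.exe with the shortcut's
        # working directory; a shell spawned that way from a download folder is suspect.
        if parent == "explorer.exe" and image in SCRIPT_HOSTS and any(d in ctx for d in USER_DROP_DIRS):
            return "shell_spawned_by_explorer_from_user_drop_dir"
    if event.get("EventID") == DNS_QUERY:
        if event.get("QueryName", "").lower().endswith(NGROK_SUFFIXES):
            return "dns_to_ngrok_tunnel"
    return None


def scan(lines):
    """Parse JSON log lines; return (line_no, label, image) for each finding."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the scan
        label = classify(event)
        if label:
            findings.append((n, label, event.get("Image", "")))
    return findings


SAMPLE_LOG = [  # constructed sample events, not real telemetry
    json.dumps({"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe",
                "CommandLine": "cmd.exe /c start x", "CurrentDirectory": "C:\\Users\\a\\Downloads\\"}),
    json.dumps({"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe",
                "CommandLine": "notepad.exe notes.txt", "CurrentDirectory": "C:\\Users\\a\\Documents\\"}),
    json.dumps({"EventID": 22, "Image": "C:\\Users\\a\\AppData\\Roaming\\svc.exe", "QueryName": "abc123.ngrok-free.app"}),
    json.dumps({"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "github.com"}),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```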
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents