Newish hard to detect Virus threat "Astaroth"

A newish (has been seen since 2017 in EU and Brazil) threat that may be hard for some traditional AV tools to detect has been dubbed “Astaroth”. It uses a .LNK link in an email to set itself up using legitimate OS & AV processes. Basic precaution is DON’T click on links in emails unless you are very sure they are genuine.

To read more about this fileless threat (it doesn’t come as a downloadable file) see:

https://www.theinquirer.net/inquirer/news/3078616/microsoft-warns-astaroth-fileless-malware

https://attack.mitre.org/software/S0373/

https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

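Since the lure here is a Windows Shell Link (.LNK) that hands control to legitimate system binaries, a defender's first triage step is to read what the link would actually launch. The following Python is an added example, not code from this thread or from any of the linked write-ups: it walks the MS-SHLLINK header and StringData fields, and flags a link whose target is a command or script host or whose arguments look like a payload. The SUSPECT_HOSTS list, the length threshold and the build_lnk sample generator are constructed assumptions for the illustration.

```python
import struct
# LinkFlags bits from the MS-SHLLINK ShellLinkHeader
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
# Assumption: command/script hosts a defender wants flagged when an emailed .LNK launches them
SUSPECT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                 "mshta.exe", "regsvr32.exe", "wmic.exe", "bitsadmin.exe"}

def parse_lnk(data: bytes) -> dict:
    """Walk a Shell Link and return its StringData fields (path, working dir, arguments...)."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link: bad HeaderSize")
    flags = struct.unpack_from("<I", data, 0x14)[0]   # LinkFlags sits after HeaderSize + CLSID
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:                 # skip IDList: u16 size + that many bytes
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                           # skip LinkInfo: u32 size includes itself
        off += struct.unpack_from("<I", data, off)[0]
    width = 2 if flags & IS_UNICODE else 1              # UTF-16LE or ANSI (assumed cp1252)
    out = {}
    for key, bit in (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                     ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                     ("icon_location", HAS_ICON_LOCATION)):
        if flags & bit:                                  # each field: u16 char count + chars, no NUL
            n = struct.unpack_from("<H", data, off)[0]
            raw = data[off + 2:off + 2 + n * width]
            out[key] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            off += 2 + n * width
    return out

def triage(data: bytes) -> tuple:
    """Flag a .LNK that launches a command/script host or carries payload-like arguments."""
    info = parse_lnk(data)
    target = info.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = info.get("arguments", "")
    reasons = []
    if target in SUSPECT_HOSTS:
        reasons.append(f"target is {target}")
    if len(args) > 80 or "http" in args.lower():        # assumed thresholds, tune to your mail flow
        reasons.append("long or URL-bearing arguments")
    return bool(reasons), reasons

def build_lnk(rel_path: str, args: str) -> bytes:
    """Constructed sample: minimal Unicode .LNK holding only RelativePath and Arguments."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")  # ShellLink CLSID, little-endian
    header = struct.pack("<I", 0x4C) + clsid + struct.pack("<I", HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE)
    header += bytes(0x4C - len(header))                       # zero the remaining header fields
    enc = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + enc(rel_path) + enc(args)
```

Run triage() over every .LNK pulled from mail attachments or download directories; a hit is a reason to quarantine and look at the process tree, not proof of Astaroth by itself.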

Wait - how can I trust the links you just posted?

To be clear, the email apparently contains a link to a website that hosts a .LNK file, that you then need to download and run. Don’t click email links!

I like the Microsoft description and process map.

Cool name someone chose for the malware.
