How to Avoid the New Astaroth Malware Hitting Windows
The infamous Windows malware Astaroth (aptly named after the demonic baron of hell described in occult cosmology) has returned after months of inactivity. Microsoft revealed its tactics last year, but this time the pesky malware is even harder to catch – thanks to clever techniques it uses to hide itself among seemingly normal files.
Astaroth’s new tactic involves using an alternate data stream (ADS) to inject malicious code into a download so that your browser, operating system, or anti-malware software won’t notice. Astaroth then uses legitimate Windows tools like ExtExport.exe, NirSoft MailPassView, BITSAdmin and others to carry out its attacks.
It can use these tools to steal your email credentials, send system information, and open your PC to other forms of attacks, which can be extremely dangerous, but since these are legitimate tools, it would be difficult – potentially impossible – for conventional anti-virus software to block them.
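Because the hiding place described above is an NTFS alternate data stream, a defender can check for it directly: every stream attached to a file can be listed with Get-Item -Stream *. The script below is an added example, not code from the article or from Microsoft; it walks a folder (the Downloads folder by default, an assumption), lists each file's streams, and reports any stream that is neither the main ':$DATA' stream nor the standard Zone.Identifier "mark of the web" that browsers attach to downloads. Anything else is unusual enough to deserve a look before the file is opened.

```powershell
# Added example (not from the article): report unexpected alternate data streams
# on downloaded files. Streams other than the main data stream and the browser's
# Zone.Identifier marker are flagged for review.
param(
    # Assumption: scan the current user's Downloads folder unless told otherwise.
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'),
    # Print the first bytes of each flagged stream so it can be triaged.
    [switch]$ShowContent
)

# Streams that are normal on a downloaded file and should not be reported.
$expected = @(':$DATA', 'Zone.Identifier')

Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $file = $_
    # -Stream * enumerates every NTFS data stream on the file, including ':$DATA'.
    Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue | ForEach-Object {
        if ($expected -notcontains $_.Stream) {
            $finding = [pscustomobject]@{
                File   = $file.FullName
                Stream = $_.Stream
                Bytes  = $_.Length
            }
            if ($ShowContent) {
                # Read a short prefix of the hidden stream as raw bytes for triage;
                # do not execute or open it with an associated application.
                $bytes = Get-Content -LiteralPath $file.FullName -Stream $_.Stream -Encoding Byte -TotalCount 64 -ErrorAction SilentlyContinue
                $finding | Add-Member -NotePropertyName Preview -NotePropertyValue (($bytes | ForEach-Object { '{0:x2}' -f $_ }) -join ' ')
            }
            $finding
        }
    }
}

# Usage (from an elevated or normal PowerShell prompt):
#   .\Find-HiddenStreams.ps1                       # scan Downloads
#   .\Find-HiddenStreams.ps1 -Folder C:\Temp -ShowContent
```

A file with no output is not proof of safety, since the script only looks at streams, not at what the main file does; but a download that carries an extra named stream is exactly the condition the paragraph above describes, and that file should be deleted or examined in a sandbox rather than run. On PowerShell 7, replace `-Encoding Byte` with `-AsByteStream`.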
How to protect yourself from Astaroth malware for Windows
Given the seriousness and sophistication of Astaroth’s methods, Windows users need to take precautions against these attacks. Fortunately, it doesn’t require anything extra on your part. Astaroth malware attacks almost always start with an email (usually in Portuguese) that contains a link to a malicious file – usually a .ZIP containing a .LNK file that drops a JavaScript file in your images folder when you (foolishly) execute it. From there the real infection begins.
This is pretty much common sense at this point, but you need to remain vigilant about what you download and what you click on, especially email links and attachments or random download links on unfamiliar websites. Using legitimate Windows tools to infect your computer is subtle and unusual, but a user still has to open a suspicious email, click a link, and download a file for the malware to land on the computer in the first place.
In other words, if you weren’t expecting to receive a .zip or .LNK file, or don’t even know what the latter is, don’t run it on your system. If you have already downloaded it, delete it immediately or, if you really need to check it, at least run it in a virtual machine or sandbox to protect your main operating system from damage.
Astaroth malware attacks are not the only thing Windows users should look out for, especially in today’s global environment. Numerous groups have taken advantage of the COVID-19 panic to trick unsuspecting users into downloading fake virus-tracking apps and other types of scams. As more people now work from home or stay at home to avoid contracting (or spreading) COVID-19, keeping your PC, mobile devices and home network safe is almost as important as keeping yourself physically and mentally healthy.