Astaroth malware


  • Staff

Greetings,

Yes, it should, as Malwarebytes includes multiple layers of defense which have proven especially effective against file-less malware attacks like Astaroth thanks to its Exploit Protection, not to mention its Web Protection, which guards against malicious websites, the sources of known malware threats and attacks. With that said, there are no guarantees, as the bad guys are always modifying and adapting their threats and attacks to attempt to evade detection, so no solution is guaranteed to be 100% effective; however, if you aren't already, you may also add other security software to your system to run alongside Malwarebytes if you would prefer to have an AV as a second opinion. If you are running Windows 10, you may enable the built-in Windows Defender, and if running Windows 7 you may install Microsoft Security Essentials. There are also free AVs from vendors such as Avast, Avira, AVG, Comodo, Kaspersky and Sophos among others (but only use one antivirus with Malwarebytes, otherwise you will be likely to run into conflicts and/or performance problems between the two AVs).

Additionally, if you would like to further augment your protection you may install the Malwarebytes browser extension beta. In addition to the database/blacklist-based blocking of the Web Protection component in Malwarebytes, it adds behavioral detection for known types of malicious sites such as phishing sites, tech support scams and many others. It also blocks many ads as well as trackers to protect privacy, includes blocking for clickbait links/sites, and works well with Malwarebytes Premium. It is available for Chrome (as well as other Chromium-based browsers such as SRWare Iron, Vivaldi, and Microsoft's new Chromium-based Edge browser) and Mozilla Firefox. You can learn more about it and find download links in the following topics:

Chrome
Firefox

Beyond that, you can learn more about the various layers of defense in Malwarebytes Premium by reviewing the chart and information on this page.

Of course you should also always keep your web browser and operating system up to date with the latest patches and updates, as well as any browser extensions/plugins you might have installed to help protect yourself from vulnerabilities.

I hope this helps set your mind at ease, and if there is anything else we might assist you with please let us know.

Thanks


To add a bit more:

Follow best practices when browsing the Internet, especially when opening links coming from unknown or untrusted sources, or from unexpected email messages.
First rule of internet safety: slow down and think before you "click". Be especially careful with spam emails and phishing emails.

Never open attachments that come with unexpected (out of the blue) email, no matter how enticing.
Never open attachments from the email itself. Do not double-click in the email. Always save first and then scan with your antivirus program.

Never click links without first hovering your mouse over the link and checking whether it is going to an odd address (one that does not fit, looks odd, or has typos).

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog: https://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

According to a ZDNet article on this type of malware, https://www.zdnet.com/article/microsoft-warns-about-astaroth-malware-campaign/

Quote

When Microsoft looked closer, it discovered a malware campaign that consisted of a massive spam operation that was sending out emails with a link to a website hosting a .LNK shortcut file.

Also see https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Edited by Maurice Naggar

  • Staff

I also pulled up the following information regarding file-less malware from the Malwarebytes Labs blog that you may find interesting. These types of threats have been a major area of focus for Malwarebytes over the past few years, as they have become much more popular due to the fact that they are often quite effective against more traditional AV engines (though Malwarebytes is obviously not an AV, and its methods are quite far from the traditional methods more commonly used throughout the industry to detect attacks/threats; one of the key reasons Malwarebytes is very well equipped to deal with threats of this nature):

Fileless infections: an overview
Fileless malware: getting the lowdown on this insidious threat
Fileless malware: part deux
Hancitor: fileless attack with a DLL copy trick
Fileless Infections from Exploit Kit: An Overview
Adware the series, part 6 (includes a section on file-less infections)
