Attackers are delivering the Astaroth info-stealing backdoor by combining fileless malware with “living off the land” techniques.

All through the attack chain, the only tools and utilities used are those already present on most Windows systems: WMIC, BITSAdmin, Certutil, Regsvr32 and Userinit.

The attack starts with spear-phishing emails targeting employees and tricking them into following the included link to an archive file, and ends with Astaroth being run directly in memory (injected into the Userinit process).
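As an added illustration (not code from the original article or from CyberQuay), here is a detection heuristic run over constructed process-creation events: it flags a host that launches several of the system tools named above within a short window, and flags userinit.exe started by anything other than winlogon.exe, its normal parent. The log line format, host names and timestamps are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Built-in Windows binaries the attack chain above lives off;
# names as typically logged by Sysmon event 1 or Security event 4688.
LOLBINS = {"wmic.exe", "bitsadmin.exe", "certutil.exe", "regsvr32.exe", "userinit.exe"}

def parse_event(line):
    """Parse one constructed 'ISO-timestamp|host|parent_image|image' line (assumed format)."""
    ts, host, parent, image = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "parent": parent.lower(), "image": image.lower()}

def find_lolbin_chains(lines, window_minutes=10, min_tools=3):
    """Return {host: [reasons]} for hosts that launch >= min_tools distinct LOLBins
    within window_minutes, or launch userinit.exe from a parent other than winlogon.exe."""
    per_host = defaultdict(list)
    findings = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["image"] == "userinit.exe" and ev["parent"] != "winlogon.exe":
            findings[ev["host"]].append(f"userinit.exe spawned by {ev['parent']}")
        if ev["image"] in LOLBINS:
            per_host[ev["host"]].append(ev)
    for host, events in per_host.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            limit = first["ts"] + timedelta(minutes=window_minutes)
            seen = {e["image"] for e in events[i:] if e["ts"] <= limit}
            if len(seen) >= min_tools:
                findings[host].append("lolbin chain: " + ", ".join(sorted(seen)))
                break
    return dict(findings)

# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    "2019-07-08T09:00:00|WS-01|explorer.exe|wmic.exe",
    "2019-07-08T09:02:00|WS-01|cmd.exe|bitsadmin.exe",
    "2019-07-08T09:03:30|WS-01|cmd.exe|certutil.exe",
    "2019-07-08T09:04:10|WS-01|cmd.exe|regsvr32.exe",
    "2019-07-08T09:05:00|WS-01|regsvr32.exe|userinit.exe",
    "2019-07-08T09:10:00|WS-02|winlogon.exe|userinit.exe",  # normal interactive logon
    "2019-07-08T10:00:00|WS-02|cmd.exe|certutil.exe",       # isolated admin use
    "2019-07-08T12:30:00|WS-02|cmd.exe|regsvr32.exe",       # outside the window
]

if __name__ == "__main__":
    for host, reasons in find_lolbin_chains(SAMPLE_LOG).items():
        print(host, reasons)
```

Only WS-01 is reported; WS-02 shows the same binaries in isolation, which is why correlating tool use per host and over time matters more than alerting on any single signed binary.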


Every executable used in the attack is a legitimate, non-malicious system binary, which lets the attack evade existing defenses such as antivirus. One of the most effective ways of stopping attacks of this kind is to prevent the employee from ever clicking the link in the email.

Although human error may never be eliminated, CDR technology would prevent such threats by detecting the malicious content, disarming the malicious component and delivering a clean, harmless version of the downloaded file.

Click here to learn how CyberQuay’s next-gen CDR solution can protect your business