A spear-phishing campaign in Brazil is distributing the Astaroth banking malware, also known as Guildma, using obfuscated JavaScript to bypass security measures. The malware targets various sectors, such as manufacturing, retail, and government agencies, by sending malicious emails that pretend to be official tax documents. Trend Micro has identified this threat as Water Makara, while Google's Threat Analysis Group named it PINEAPPLE for a similar attack.

Astaroth Banking Malware resurfaces in Brazil through spear-phishing attack

The malware is delivered through a ZIP attachment in the emails, which contains a Windows shortcut file that executes obfuscated JavaScript to establish connections with a command-and-control server. Despite being an old trojan, Astaroth's reemergence poses a persistent danger, leading to data theft, damage to consumer trust, regulatory fines, and operational disruptions. To defend against such threats, it is advised to implement strong password policies, use multi-factor authentication, keep software updated, and follow the principle of least privilege.
https://thehackernews.com/2024/10/astaroth-banking-malware-resurfaces-in.html
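
As an added example (not from the original article or from the vendors it cites), a mail-gateway style check for the delivery chain described above: it opens ZIP attachments in a message and flags members that are Windows shortcuts, either by `.lnk` extension or by the Shell Link header bytes. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

def lnk_entries_in_zip(data):
    """Return names of ZIP members that are shortcuts by extension or by header."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                by_name = info.filename.lower().endswith(".lnk")
                try:
                    with zf.open(info) as fh:
                        by_magic = fh.read(len(LNK_MAGIC)) == LNK_MAGIC
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    by_magic = False  # encrypted/unreadable member: rely on the name
                if by_name or by_magic:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        pass  # not a parseable archive: nothing to report
    return hits

def scan_message(raw):
    """Map each ZIP attachment's filename to the shortcut members found in it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Detect ZIP by content, not by the declared MIME type or file name.
        if payload[:4] == b"PK\x03\x04" and (hits := lnk_entries_in_zip(payload)):
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed message: a ZIP with inert, header-only shortcut stubs and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample_shortcut.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("renamed.dat", LNK_MAGIC + b"\x00" * 56)  # shortcut hidden by rename
        zf.writestr("readme.txt", "constructed sample")
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Checking the header as well as the extension catches a shortcut that has been renamed inside the archive; password-protected archives can only be judged by member name.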