Cybersecurity researchers have uncovered a new Astaroth banking trojan campaign in which the malware hosts its configuration in GitHub repositories, so the operation keeps running when its conventional command-and-control infrastructure is taken down. The campaign targets mainly Brazil and other Latin American countries, stealing banking credentials through a multi-stage infection chain. #Astaroth #GitHubSteganography
Key points
- Astaroth stores its configuration files in GitHub repositories, which gives the campaign resilience against infrastructure takedowns: blocking or seizing a C2 server does not cut the bots off from their configuration.
- The campaign primarily targets banking websites across Latin America, including Brazil, Mexico, and others.
- The infection chain begins with phishing emails impersonating DocuSign; the lure leads to obfuscated JavaScript that downloads the malware.
- Astaroth monitors browser activity and uses keylogging to steal credentials from banking and cryptocurrency sites.
- The malware persists through a registry-based startup entry and includes anti-analysis measures and geofencing, so that it runs only on machines in the targeted regions.
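As a starting point for hunting the two behaviours the summary names, registry-based startup persistence and configuration fetched from GitHub, here is an added example; it is not code from the article or from the researchers it cites. The Run-key dump and the connection events are constructed samples, not real Astaroth indicators, and the set of GitHub-served hostnames and the process allowlist are assumptions, since the article does not say which hosts or processes the malware used.

```python
import re
from typing import Dict, List

# Constructed sample in the layout "reg query HKCU\...\Run" prints; none of these are real Astaroth IOCs.
SAMPLE_RUN_KEY_DUMP = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    wscript.exe //B "C:\Users\alice\AppData\Local\Temp\upd\cfg.js"
    Helper      REG_SZ    C:\Users\alice\AppData\Roaming\svc\loader.lnk
"""

# Constructed outbound-connection events (process name, destination host), e.g. from a proxy log or Sysmon event 3.
SAMPLE_CONNECTIONS = [
    {"process": "chrome.exe", "host": "raw.githubusercontent.com"},
    {"process": "git.exe", "host": "github.com"},
    {"process": "wscript.exe", "host": "raw.githubusercontent.com"},
    {"process": "regsvr32.exe", "host": "objects.githubusercontent.com"},
    {"process": "outlook.exe", "host": "outlook.office365.com"},
]

# Directories an unprivileged user can write to; legitimate startup entries rarely launch from here.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads)\\|\\ProgramData\\|\\Temp\\", re.I)
# Script hosts and LOLBins commonly used to run a dropped script or shortcut at logon.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "regsvr32.exe", "rundll32.exe"}
LOADER_EXTENSIONS = (".lnk", ".js", ".vbs", ".hta")
# Assumption: hostnames GitHub serves repository content from; the article does not list the ones Astaroth used.
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com", "gist.githubusercontent.com"}
# Assumption: processes expected to talk to GitHub on a developer workstation; tune to your own baseline.
GITHUB_ALLOWED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "git.exe", "code.exe"}


def parse_run_key_dump(dump: str) -> List[Dict[str, str]]:
    """Turn the reg query text into {name, type, command} dicts; the key-path line is skipped."""
    entries = []
    for line in dump.splitlines():
        m = re.match(r"\s+(\S+)\s+(REG_\w+)\s+(.*\S)", line)
        if m:
            entries.append({"name": m.group(1), "type": m.group(2), "command": m.group(3)})
    return entries


def launched_image(command: str) -> str:
    """Lower-cased basename of the first token (quoted or bare) of a Run-key command."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    first = (m.group(1) or m.group(2)) if m else command
    return first.rsplit("\\", 1)[-1].lower()


def suspicious_run_entries(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag Run-key values that launch from user-writable paths, via script hosts, or as a shortcut/script."""
    flagged = []
    for e in entries:
        cmd = e["command"]
        image = launched_image(cmd)
        reasons = []
        if USER_WRITABLE.search(cmd):
            reasons.append("launches from a user-writable directory")
        if image in SCRIPT_HOSTS:
            reasons.append(f"script/LOLBin host {image}")
        if image.endswith(LOADER_EXTENSIONS):
            reasons.append(f"shortcut/script as startup image ({image})")
        if reasons:
            flagged.append({"name": e["name"], "command": cmd, "reasons": reasons})
    return flagged


def github_fetches_by_unexpected_processes(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return connections to GitHub-served hosts from processes outside the allowlist."""
    return [
        ev for ev in events
        if ev["host"].lower() in GITHUB_HOSTS and ev["process"].lower() not in GITHUB_ALLOWED_PROCESSES
    ]


if __name__ == "__main__":
    for hit in suspicious_run_entries(parse_run_key_dump(SAMPLE_RUN_KEY_DUMP)):
        print(f"[run-key] {hit['name']}: {hit['command']}  <- {'; '.join(hit['reasons'])}")
    for ev in github_fetches_by_unexpected_processes(SAMPLE_CONNECTIONS):
        print(f"[github]  {ev['process']} -> {ev['host']}")
```

On the constructed sample the OneDrive entry passes, while the two entries launching a script or shortcut from AppData are flagged, as are the GitHub connections made by wscript.exe and regsvr32.exe. Both checks are behavioural rather than indicator-based, which matters here precisely because the campaign's point is that the hosting infrastructure is legitimate and long-lived.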
Read More: https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html