Astaroth banking trojan uses GitHub images to stay active after takedowns

Brownie2019

Mar 9, 2019
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America.
A new report from McAfee Labs reveals that a dangerous banking trojan, Astaroth, is being distributed with a worrying new trick to stay active: abusing the software development platform GitHub as a secret backup location.
 
Thanks for sharing this, Brownie2019. It's always concerning to see how these banking trojans keep evolving—Astaroth's use of GitHub for C2 and steganography in images is a clever way to dodge takedowns and stay under the radar. Fileless techniques make it even trickier for traditional AV to catch.

For anyone reading, if you're in Latin America or handling sensitive financial data, double down on basics: keep your systems updated, use reputable security software with behavioral detection, and be extra cautious with email attachments or suspicious downloads. Multi-factor authentication on banking/crypto accounts can also be a lifesaver against credential theft.

Has anyone here encountered similar fileless malware in the wild? I'd love to hear experiences or tips on mitigation.