Astaroth Trojan Uses Cloudflare Workers to Bypass AV Software

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,169
Content source
https://www.bleepingcomputer.com/news/security/astaroth-trojan-uses-cloudflare-workers-to-bypass-av-software/
A new malicious campaign is actively distributing a new Astaroth Trojan variant by abusing the Cloudflare Workers serverless computing platform to avoid detection and block automated analysis attempts.

Cloudflare Workers are scripts that run on Cloudflare servers from "data centers across 193 cities in 90 countries" and allow one to execute any JavaScript code without having to worry about infrastructure maintenance.
"Workers has a free plan which anyone or anything can sign up and get 100,000 total requests per day. You can create unlimited number of workers per account," as Check Point malware researcher Marcel Afrahim who discovered this Astaroth variant found.

Cloudflare Workers are used by Astaroth's operators as part of a three-stage infection process, starting with a phishing e-mail that comes with an HTML attachment containing obfuscated JavaScript code and linking to a domain that sits behind Cloudflare's infrastructure.
This domain is used to deliver several types of payloads in JSON format depending on the target's location to allow the attackers to quickly change the malicious files for various targets and to avoid getting blocked based on file object types sent to their potential victims' computers.
Click to expand...
Read more below:
www.bleepingcomputer.com

Astaroth Trojan Uses Cloudflare Workers to Bypass AV Software

A new malicious campaign is actively distributing a new Astaroth Trojan variant by abusing the Cloudflare Workers serverless computing platform to avoid detection and block automated analysis attempts.
www.bleepingcomputer.com www.bleepingcomputer.com
medium.com

Threat Actor behind Astaroth is now using Cloudflare Workers to bypass your Security Solutions.

TLDR? Skip to the Final Comments.
medium.com medium.com
 
Last edited:
  • Like
  • Wow
  • Applause
Reactions: TRS-80, upnorth, g4nu5 and 6 others
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • +Reputation
Security News Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Replies
0
Views
1,330
Security News
CyberTech
CyberTech
silversurfer
    • Like
    • +Reputation
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
Replies
0
Views
518
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
    • Wow
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
Replies
4
Views
1,299
News Archive
Xeno1234
Xeno1234

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top