GitHub is used by hackers to steal crypto credentials through phishing and covert keylogging attacks with the Astaroth Banking Trojan.
Theft of crypto credentials has acquired a new twist. Hackers are using GitHub to increase the reach and longevity of the Astaroth banking Trojan.
This method was identified by McAfee's Threat Research team, which found that the malware relies on GitHub to store its settings, making the campaign difficult to disrupt.
Phishing emails are the first stage of infection. They lure victims into downloading zipped Windows shortcut files. Once run, the Astaroth Trojan installs itself quietly and waits to steal credentials.
GitHub as Malware Backup Sparks Alarm
Astaroth abuses GitHub repositories to survive interference. Authorities have taken down the malware's command-and-control servers, but the operators push fresh configuration, hidden inside image files on GitHub using steganography, which keeps the malware running despite such takedown efforts.
The phishing emails typically mimic a trusted pretext, such as a DocuSign notification or a job résumé.
The malware relies on obfuscated JavaScript commands to download additional components automatically and inject its code into system processes.
It monitors the user's visits to banking and cryptocurrency sites. When it detects one, it logs keystrokes to capture credentials and transmits them to the attackers through the Ngrok reverse-proxy service.
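The first stage described above, a ZIP attachment carrying a Windows shortcut, is something a mail gateway can flag before delivery. The following is an added illustration of that check, not code from the article or from McAfee's research; it identifies shortcut files by the fixed Shell Link header rather than by extension alone, and the sample archive it builds is constructed for the demonstration.

```python
import io
import zipfile

# A Windows Shell Link (.lnk) begins with HeaderSize 0x0000004C followed by
# the fixed LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK 2.1).
LNK_MAGIC = bytes.fromhex("4C000000" "01140200" "00000000" "C0000000" "00000046")


def scan_zip_attachment(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like a shortcut lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(len(LNK_MAGIC))
            name = info.filename.rsplit("/", 1)[-1]
            lower = name.lower()
            reasons = []
            if head == LNK_MAGIC:
                reasons.append("lnk-header")            # content is a shortcut
            if lower.endswith(".lnk"):
                reasons.append("lnk-extension")
                if lower.count(".") > 1:
                    reasons.append("double-extension")  # e.g. resume.pdf.lnk
            if lower.endswith(".zip"):
                reasons.append("nested-archive")        # archive inside archive
            if reasons:
                findings.append({"name": name, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive mimicking the lure layout; not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Curriculo.pdf.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("leia-me.txt", b"plain text, harmless")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_attachment(build_sample_zip()):
        print(finding)
```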
Phishing Tactics and Targeted Sites
Although it has affected various regions, the current campaign mostly targets Brazil and other South American countries, including Uruguay, Argentina, and Colombia.
It is also active in Portugal and Italy, but avoids systems with US or English locale settings. The Trojan targets browser sessions with popular banks such as caixa.gov.br and itau.com.br.
Cryptocurrency websites are also at risk, including binance.com, etherscan.io, and metamask.io. By intercepting login details, attackers can drain accounts or make unauthorized transfers.