Astaroth malware exploits Avast antivirus LOLBins to steal data

Nocturnus Research team at Cybereason reveals how an Astaroth Trojan variant uses Avast antivirus software to gain info on target system

A Cybereason Active Hunting Service spokesperson says that the “analysis of the tools and techniques used in the Astaroth campaign show how truly effective these methods are at evading antivirus products.” The techniques in question involving using the Avast antivirus Runtime Dynamic Link Library ‘aswrundll.exe’ to load a
malicious module that then loads further malicious modules and gathers information about the machine. One of these modules collects and exfiltrates clipboard data, password information and more.

Click here to read complete article