Over the past year, the Astaroth infostealer trojan has evolved into one of today’s stealthiest malware strains, containing a slew of anti-analysis and anti-sandbox checks to prevent security researchers from detecting and analyzing its operations. Luckily, all these innovations are used to target and infect users in only one country, namely Brazil. The malware has historically targeted Brazilian users ever since it was first spotted in the wild in September 2018. IBM researchers were the first to detect and analyze the malware, followed by Cybereason, and then Microsoft, which analyzed its evolution across two separate blog posts, in July 2019 and March 2020. Across all these reports, researchers noted how Astaroth slowly gained new features, developed a more complex infection chain, and shifted its focus to stealth more than anything else.
Source: ZDNet