Numerous organizations across Brazil, especially those in the manufacturing, retail, and government sectors, have been targeted with the reemerging Astaroth banking trojan, also known as Guildma, in a new spear-phishing campaign by the threat operation Water Makara, according to The Hacker News.
Attacks involved the delivery of malicious emails spoofing Receita Federal, which is Brazil's federal revenue service agency, and other official organizations that deceive targets into downloading a ZIP archive purporting to be income tax files but contains an LNK file facilitating Astaroth trojan delivery, a report from Trend Micro revealed. "While Astaroth might seem like an old banking trojan, its reemergence and continued evolution make it a persistent threat. Beyond stolen data, its impact extends to long-term damage to consumer trust, regulatory fines, and increased costs from business disruption and downtime as well as recovery and remediation," said researchers, who urged the implementation of multi-factor authentication, robust password policies, updated software, and the principle of least privilege to ensure defenses against malicious intrusions.