IDP Signatures
79680 MALWARE.ASTAROTH.GUILDMA.INFECTION.B
Signature Id | 79680 |
Name | MALWARE.ASTAROTH.GUILDMA.INFECTION.B |
Group | IPS MALWARE GENERAL |
Issued | 2024-12-19 |
Last Updated | 2024-12-19 |
Description | The Astaroth malware, also known as Guildma, primarily targets Brazilian organizations through tailored phishing emails that often reference local institutions and use familiar payment methods like Boleto. The infection begins when users open malicious attachments, typically disguised as ZIP files containing executable scripts, which then download the Astaroth Trojan and establish command-and-control connections. Once installed, Astaroth exfiltrates sensitive data, including financial information and stored passwords, leveraging social engineering tactics to evade detection by traditional security measures. |