An ongoing phishing campaign spreads the Astaroth trojan, bent on exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities. At every turn, the info-stealer uses legitimate services to get around normal email, endpoint and network defenses. The campaign exclusively targets Brazilians, with emails written in Portuguese and the initial.ZIP archive geo-fenced to Brazil, according to Cofense researcher Aaron Riley.
Source: https://threatpost.com/astaroth-spy-trojan-facebook-youtube/148327/