Astaroth Trojan malware has resurfaced in South America, with more than 8,000 machines attacked in just one week. Trojan used fake invoice emails with attachments that appeared to come from legitimate services under cam.br domains. Trojan leveraged the Windows Management Instrumentation Console (WMIC) and its connected command-line interface to download nonlocal payloads. The malware then prevented users from opening any web browser except Internet Explorer, and when users navigated to Brazilian banks, it began recording keystrokes for data collection and account compromise.”]