The Astaroth Trojan used Facebook and YouTube profiles to support its infection chain in a new phishing campaign targeting Brazilian users. Through this technique, the attackers were able to bypass traditional security tools and collect sensitive data. Security teams should consider adopting a layered approach to email security that incorporates mail scanning, spam monitoring and other security measures. Companies should also practice ahead-of-threat detection to spot potentially malicious domains before they become active in phishing campaigns and other digital attacks. The Trojan potentially compromised as many as 8,000 machines in the span of one week.”]