Astaroth (Malware Family)
First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. Originally, this malware variant targeted Brazilian users, but Astaroth now targets users both in North America and Europe.
by Fraunhofer FKIE · archived 5/23/2026, 1:57:28 PM
2025-10-10 ⋅ McAfee ⋅ Astaroth: Banking Trojan Abusing GitHub for Resilience ⋅ Astaroth
2024-10-14 ⋅ Trend Micro ⋅ Adremel Redondo, Adriel Isidro, Andre Filipe Codod, Charles Adrian Marty, Christian Alpuerto, Kim Benedict Victorio, Lorenzo Laureano, Mark Jason Co ⋅ Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware ⋅ Astaroth Water Makara
2022-08-19 ⋅ SANS ISC ⋅ Brad Duncan ⋅ Brazil malspam pushes Astaroth (Guildma) malware ⋅ Astaroth
2022-01-17 ⋅ Github (pan-unit42) ⋅ Brad Duncan ⋅ IOCs for Astaroth/Guildma malware infection ⋅ Astaroth
2021-11-17 ⋅ ARMOR ⋅ Amer Elsad ⋅ Astaroth: Banking Trojan ⋅ Astaroth
2021-03-21 ⋅ Blackberry ⋅ Blackberry Research ⋅ 2021 Threat Report ⋅ Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW ⋅ 2020: The year in malware ⋅ WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-07-14 ⋅ Kaspersky Labs ⋅ GReAT ⋅ The Tetrade: Brazilian banking malware goes global ⋅ Astaroth Grandoreiro Melcoz
2020-07-03 ⋅ F-Secure Labs ⋅ Anartz Martin ⋅ Attack Detection Fundamentals: Code Execution and Persistence - Lab #1 ⋅ Astaroth
2020-05-31 ⋅ InfoSec Handlers Diary Blog ⋅ Renato Marinho ⋅ Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses ⋅ Astaroth
2020-05-11 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Nick Biasini, Nick Lister ⋅ Astaroth - Maze of obfuscation and evasion reveals dark stealer ⋅ Astaroth
2020-03-23 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team ⋅ Latest Astaroth living-off-the-land attacks are even more invisible but not less observable ⋅ Astaroth
2020-03-05 ⋅ ESET Research ⋅ ESET Research ⋅ Guildma: The Devil drives electric ⋅ Astaroth
2019-12-06 ⋅ Botconf ⋅ Jakub Souček, Juraj Horňák ⋅ Demystifying banking trojans from Latin America ⋅ Astaroth Metamorfo
2019-07-08 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team ⋅ Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack ⋅ Astaroth
2019-04-25 ⋅ AppGate ⋅ Edgar Felipe Duarte Porras ⋅ Meet Lucifer: A New International Trojan ⋅ Astaroth
2019-02-13 ⋅ Cybereason ⋅ Eli Salem ⋅ Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data ⋅ Astaroth
There is no Yara-Signature yet.