GitHub’s New Role: Astaroth Trojan’s Unwanted Sidekick in Banking Heists

Cybersecurity researchers reveal that the Astaroth banking trojan is using GitHub as a backup to stay operational when its servers are taken down. It’s like a villain with a plan B—just when you think you’ve caught it, it pulls a sneaky switcheroo and keeps wreaking havoc!

Hot Take:

Brace yourselves, folks! The Astaroth banking trojan is back, and it’s using GitHub as its malicious Airbnb! It’s like a digital game of Whac-A-Mole where the moles have gotten smarter and are now using cloud-based services to stay one step ahead. While we might admire the crafty use of GitHub’s infrastructure, it’s a stark reminder that even our favorite code-sharing platforms can become the unwitting accomplices in the malware’s evil plot. So, keep your passwords close and your firewalls closer!

Key Points:

  • Astaroth banking trojan uses GitHub to host malware configurations.
  • Primarily targets Brazil and other Latin American countries.
  • Delivers malware through DocuSign-themed phishing emails.
  • Utilizes JavaScript and AutoIt scripts to execute the attack chain.
  • Employs steganography to hide information on GitHub repositories.

The Nimble Nerd