Cybercriminals revive Astaroth: the trojan spreads via WhatsApp, Telegram and Viber, auto-sends lures, and steals banking data. Learn how to stay protected.
© E. Vartanyan
The Astaroth Trojan is on the move again, this time leaning on WhatsApp to spread and siphon data. Cybersecurity specialists warn that the latest build is markedly more effective than earlier iterations, as it zeroes in on popular messaging platforms: WhatsApp, Telegram, and Viber. Seeing WhatsApp in the crosshairs only underscores how attackers follow the crowd.
Astaroth arrives via ZIP archives packed with VBScript files that download modules built to steal banking and personal information. Once it slips into a device, the malware taps the user’s contacts and can auto-send malicious messages, fueling a chain reaction of new infections.
Experts note that the explosive growth of messaging apps has turned them into prime hunting grounds for cybercriminals. Users should be extra cautious with messages carrying attachments—even if they appear to come from someone they know—and avoid opening anything that looks suspicious. Familiar names are no longer a reliable filter.
To reduce risk, it’s worth keeping antivirus tools up to date, enabling multi-factor authentication, following credible reports on emerging cyberthreats, and opting for messaging apps with stronger encryption. These habits won’t solve everything, but they raise the bar for attackers and help keep personal data out of reach.