Astaroth
Also known as: Guildma
First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and uses some innovative execution and attack techniques. Originally, this malware variant targeted Brazilian users, but Astaroth now targets users in both North America and Europe.
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Apr 9, 2026 | 69 |
Further Reading
In this report, we explore a recent campaign involving the Astaroth information-stealing trojan, chiefly affecting Brazil through the abuse of native OS processes.
Advanced technologies in Microsoft Defender ATP's Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the i...
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking...
ESET researchers take a close look at Guildma, the most impactful and advanced banking trojan they’ve seen in Latin America. Guildma uses innovative methods of execution and sophisticated attack te...