A new wave of the Astaroth banking trojan has emerged, leveraging a novel approach to distribute its malicious configuration files. First detected in late 2025, this latest campaign employs GitHub’s raw content service to host encrypted JSON configurations containing target URLs, browser injection parameters, and command-and-control (C2) endpoints. By hiding critical settings behind GitHub’s trusted […]
Astaroth Banking Malware Leveraging GitHub to Host Malware Configurations
Related articles