mcafee

In the world of cybersecurity, attackers are always evolving, finding new ways to hide in plain sight, and one of the latest examples shows just how creative they’ve become. The case of the Astaroth banking trojan demonstrates how hackers are now using legitimate platforms like GitHub to stay invisible to security experts while continuing to steal sensitive information

It all begins with a simple phishing email that looks completely normal, often disguised as an official message asking you to download an important document. The attached file, usually with a .lnk extension that appears harmless, is actually a trap. Once opened, it silently installs malware onto your device and begins its work in the background. What follows is a stealthy operation where the trojan quietly records your keystrokes, capturing logins, passwords, and other personal data connected to your bank accounts and crypto wallets. All that stolen information is then sent back to the attackers who control the malware’s network

But the truly fascinating part is how Astaroth manages to remain undetected for so long. Most trojans rely on a central command server that coordinates all infected machines. Once authorities discover and take down that server, the entire operation falls apart. Astaroth, however, doesn’t play by those rules. Instead, it uses GitHub — the same platform developers use to host and share open-source code — as part of its communication system. The malware doesn’t store any dangerous files there but hides a small configuration file in a GitHub repository. That file contains new instructions, such as where to connect next if the main server goes offline. In essence, GitHub acts as a message board for the trojan, telling it where to find the next command center without ever raising suspicion

According to cybersecurity experts at McAfee, this trick makes Astaroth remarkably resilient. Even if one part of its infrastructure is destroyed, it can quickly recover and continue its operations using legitimate channels that no one expects to be part of a cyberattack. To make things even more sophisticated, the trojan is programmed to avoid drawing attention from analysts in certain countries. If it detects that it’s running on a system based in the United States or another English-speaking region, it deletes itself immediately, leaving no trace behind. Its main focus has been users in South America, particularly in Brazil, Argentina, and Chile, where it has caused significant damage

So what can regular users do in the face of such clever tactics? The answers may sound familiar, but they are more important than ever. Never open attachments or click on links from unknown senders, no matter how legitimate they appear. Keep your antivirus software updated and make sure it’s actively monitoring your system. Most importantly, use two-factor authentication on all your critical accounts, especially for online banking and crypto exchanges. Even if your password is stolen, the attacker will need an additional code to access your funds

The Astaroth case is a powerful reminder that even trusted and widely used platforms like GitHub can be misused for malicious purposes. It challenges the very idea of online safety, showing that in today’s digital landscape, the line between good and bad tools depends entirely on how they’re used. Perhaps there is no truly safe place on the internet anymore only safer habits and smarter vigilance that help us stay one step ahead

#GitHub #Cybersecurity #CryptoNews #McAfee #OnlineSafety

Hey! I was reading some cybersecurity news and came across a clever scheme that's worth knowing about. It's about a banking trojan called Astaroth. The most interesting thing about it isn't how it steals data, but how it hides from security experts by using legitimate services.
How does it start?
It's a classic: you get a phishing email asking you to download an "important" document. The file looks harmless (for example, with a .lnk extension, like a shortcut), but it actually installs malware on your computer.
What does the trojan do?
It runs in the background and quietly records everything you type (this is called keylogging). Its main goal is your login information and passwords for bank accounts and crypto wallets. It then sends all this data back to the attackers.
Where does GitHub come in?
This is the really clever part! These trojans are usually controlled from one central server. If law enforcement or antivirus companies find and "take down" that server, the trojan becomes useless. But Astaroth is smarter.
It has a backup plan: it contacts the regular GitHub (a platform for developers to store code)! But it doesn't store the virus itself there—that would be noticed immediately. Instead, it keeps just a small configuration file in a GitHub repository. This file is like a new instruction: "Team, our main server is down, now we're operating from here." And the trojan gets the address of a new, working server.
As an expert from McAfee said, it's not the malicious code itself, but just a "note" with a new address. This makes it very flexible and resilient.
Who is the main target?
It seems the primary attack is on users in South America (Brazil, Argentina, Chile, etc.). Furthermore, the trojan is written in such a way that if it "understands" it's running on a system in the US or another English-speaking country, it simply self-destructs to avoid being studied. A true professional cybercriminal!
So, what should you do?
The advice is standard, but no less important:
Don't open attachments or click links from unknown senders.Use antivirus software and always keep it updated.Enable two-factor authentication everywhere you can, especially for banks and crypto exchanges.
So that's the story. It turns out that even legitimate and useful services like GitHub can be used for harm. An interesting twist, right?
What do you think, is there really any truly safe place on the internet if hackers have learned to camouflage themselves so skillfully?
#Github #crypto #CryptoNewss  #McAfee

John McAfee, the founder of the famous antivirus software, although deceased in 2021, is still making waves in the crypto community with an announcement from his social media account X (formerly Twitter).
Shocking announcement: McAfee returns with AIntivirus
McAfee's X account unexpectedly posted an announcement about the AIntivirus project, an AI token built on blockchain
. The message from the account read:
"I'm back with AIntivirus. An AI version of me. Do you think I would miss this cycle?"