Astaroth Trojan abuses GitHub to host configs and evade takedowns

Astaroth, a banking Trojan, uses GitHub to host malware configurations, allowing it to evade takedowns and maintain continuous operation. The attack chain begins with phishing emails containing a link to a ZIP file, ultimately leading to the injection of the final Astaroth payload into a new process. Astaroth targets South American countries, Portugal, and Italy, stealing credentials through keylogging and transmitting data to attackers.