{"id":34001,"date":"2020-03-24T11:49:00","date_gmt":"2020-03-24T11:49:00","guid":{"rendered":"http:\/\/f2c18a2b-d376-4c2a-a8c5-2161408f8d81"},"modified":"2020-03-24T11:49:00","modified_gmt":"2020-03-24T11:49:00","slug":"microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/","title":{"rendered":"Microsoft&#8217;s Windows 10 warning: Astaroth malware is back. This time it&#8217;s even stealthier"},"content":{"rendered":"<p>Astaroth, a group that uses legitimate Windows tools to spread malware, has retooled after Microsoft drew attention to its <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-warns-about-astaroth-malware-campaign\/\">living-off-the-land techniques last July<\/a>. The group in February stepped up its activity with even stealthier methods.&nbsp;<\/p>\n<p>Last year the Windows Defender ATP team detected a huge spike in the use of the Windows Management Instrumentation Command-line (WMIC) tool, which is built in to Windows.&nbsp;<\/p>\n<p>Microsoft&#8217;s investigation found a major spam operation spreading email with a link to a website hosting a .LNK shortcut file. 
If a recipient downloaded and ran the file, it would launch WMIC and several other Windows tools to download and run fileless malware in memory, below the view of traditional antivirus.<\/p>\n<p>&#8220;Astaroth now completely avoids the use of WMIC and related techniques to bypass existing detections,&#8221; Hardik Suri of the Microsoft Defender ATP Research Team <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/23\/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">said in a new update<\/a>.&nbsp;<\/p>\n<p>Microsoft Defender ATP data shows that Astaroth campaigns trickled out over January followed by three massive spikes in activity during February.&nbsp; &nbsp;<\/p>\n<p>While the campaign still begins with a spam email containing a link to a website hosting a malicious .LNK file, Astaroth is now using <a href=\"https:\/\/en.wikipedia.org\/wiki\/NTFS#Alternate_data_streams_(ADS)\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Alternate Data Streams (ADS)<\/a>&nbsp;\u2013 a file attribute that allows the attacker to attach data to an existing file \u2013 to hide malicious payloads.&nbsp;<\/p>\n<p>To load the payload, it&#8217;s abusing ExtExport.exe, which Suri 
explains is a legitimate process and a &#8220;highly uncommon attack vector&#8221;.&nbsp;<\/p>\n<p>According to Suri, these new techniques make the fileless malware &#8220;even stealthier&#8221;.&nbsp;<\/p>\n<p>For example, using ADS allows stream data to remain invisible in File Explorer, and in this case Astaroth reads and decrypts several plugins from ADS streams in desktop.ini that allow Astaroth to steal email and browser passwords as well as find and disable installed security software.&nbsp;<\/p>\n<p>The plugins are the NirSoft MailPassView tool for recovering email client passwords and the NirSoft WebBrowserPassView tool for recovering passwords from browsers.&nbsp;<\/p>\n<p>If a recipient clicks on the LNK file, which is contained within a .zip file, it runs an obfuscated BAT command line, which drops a JavaScript file to the Pictures folder and instructs explorer.exe \u2013 a utility that ships with Internet Explorer \u2013 to run the file. &nbsp;<\/p>\n<p>Another legitimate tool it abuses is BITSAdmin, a command-line tool for admins to create download or upload jobs and monitor their progress. In this case, it&#8217;s used to download encrypted payloads from a command-and-control server.&nbsp;<\/p>\n<p>Although there have been Astaroth campaigns in the US, Europe, and Asia, the vast majority of attacks this year are aimed at Windows users in Brazil, according to Microsoft.&nbsp;<\/p>\n<p>Hence, the initial spam email is written in Portuguese but translates to: &#8220;Please find in the link below the STATEMENT #56704\/2019 AND LEGAL DECISION, for due purposes&#8221;. The link points to an archive file labeled&nbsp;<em>Arquivo_PDF_&lt;date&gt;.zip<\/em>. 
&nbsp;<\/p>\n<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet1.cbsistatic.com\/hub\/i\/r\/2020\/03\/24\/cc33d3bf-8861-44a4-89c8-8cb52d06d5b9\/resize\/1200xauto\/f18fcaa7d5cfdf8b09a9147e2e02a455\/astaroth-2020-attack-chain-2.png\" class alt=\"astaroth-2020-attack-chain-2.png\" height=\"auto\" width=\"1200\"><\/span><\/p>\n<p><span class=\"caption\">Microsoft sets out here the attack chain that Astaroth has now adopted.<\/span><\/p>\n<p><span class=\"credit\">Image: Microsoft<\/span> <\/p>\n<div class=\"relatedContent alignNone\">\n<h3 class=\"heading\"><span class=\"int\">Windows 10<\/span><\/h3>\n<\/div>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malware group has changed its living-off-the-land tactics after Microsoft exposed its work.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34002,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-34001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft&#039;s Windows 10 warning: Astaroth malware is back. This time it&#039;s even stealthier 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft&#039;s Windows 10 warning: Astaroth malware is back. This time it&#039;s even stealthier 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-24T11:49:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"978\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft&#8217;s Windows 10 warning: Astaroth malware is back. This time it&#8217;s even stealthier\",\"datePublished\":\"2020-03-24T11:49:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/\"},\"wordCount\":531,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/\",\"name\":\"Microsoft's Windows 10 warning: Astaroth malware is back. 
This time it's even stealthier 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png\",\"datePublished\":\"2020-03-24T11:49:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png\",\"width\":1200,\"height\":978},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.
org\\\/blog\\\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft&#8217;s Windows 10 warning: Astaroth malware is back. This time it&#8217;s even stealthier\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Microsoft's Windows 10 warning: Astaroth malware is back. This time it's even stealthier 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft's Windows 10 warning: Astaroth malware is back. This time it's even stealthier 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-03-24T11:49:00+00:00","og_image":[{"width":1200,"height":978,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft&#8217;s Windows 10 warning: Astaroth malware is back. This time it&#8217;s even stealthier","datePublished":"2020-03-24T11:49:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/"},"wordCount":531,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/","url":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/","name":"Microsoft's Windows 10 warning: Astaroth malware is back. 
This time it's even stealthier 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png","datePublished":"2020-03-24T11:49:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier.png","width":1200,"height":978},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsofts-windows-10-warning-astaroth-malware-is-back-this-time-its-even-stealthier\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.
threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft&#8217;s Windows 10 warning: Astaroth malware is back. This time it&#8217;s even stealthier"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog
\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34001"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34001\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34002"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}