Astaroth
-
High-severity parsing flaw in async-tar and forks could enable file overwrite and RCE
A boundary parsing flaw in async-tar and forks including tokio-tar, tracked as CVE-2025-62518 and dubbed TARmageddon, can allow nested TARs to be treated as outer entries and be used to overwrite files and enable remote code execution; users are advised to migrate to astral-tokio-tar v0.5.6.
-
Astaroth banking trojan leverages GitHub to restore command-and-control, McAfee says
McAfee Labs reported that the Astaroth banking trojan campaign uses GitHub-hosted images with steganography to update configurations and maintain access after C2 takedowns; the campaign targets Brazil and other Latin American countries and is delivered via DocuSign-themed phishing emails.
