“AZORult is a robust information stealer & downloader that Proofpoint researchers originally identified in 2016 as part of a secondary infection via the Chthonic banking Trojan. We have since observed many instances of AZORult dropped via exploit kits and in fairly regular email campaigns as both a primary and secondary payload.” reads the analysis published by ProofPoint.
“Recently, AZORult authors released a substantially updated version, improving both on its stealer and downloader functionality.”
AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. Later it was involved in many malspam attacks, but only now the authors released a substantially updated variant.
The latest version appears more sophisticated than previous ones, it implements the ability to steal histories from browsers (except IE and Edge), it includes a conditional loader that checks certain parameters before running the malicious code, and includes the support for Exodus, Jaxx, Mist, Ethereum, Electrum, Electrum-LTC cryptocurrency wallets.