Security researchers from Proofpoint spotted a new version (3.2) of the AZORult malware advertised on an underground forum with a full changelog:

- Added stealing of history from browsers (except IE and Edge)
- Added support for cryptocurrency wallets: Exodus, Jaxx, Mist, Ethereum, Electrum, Electrum-LTC
- In the admin panel, you can specify the rules for how the loader works. For example: if there are cookies or saved passwords from, then download and run the file linkcom/soft.exe. Also, there is a rule “If there is data from cryptocurrency wallets” or “for all”
- If a proxy is installed on the system, but there is no connection through it, the stealer will try to connect directly (just in case)
- Added to the admin panel a button for removing “dummies”, i.e.
- Added to the admin panel guest statistics
- Added to the admin panel a geobase

AZORult Campaign

According to researchers, the malware campaign contains both the password stealer and the ransomware; it is less common to see both. Attackers used password-protected documents to evade antivirus detection, and once the user enters the password for the document, it asks to enable macros, which download AZORult and then the Hermes 2.1 ransomware.
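The changelog entry about falling back to a direct connection when the configured proxy is unreachable points to a check for networks where clients are expected to go out only through a proxy. The Python below is an added example, not code from the article or from Proofpoint; the log format, host names, addresses and the 60-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, not taken from the page. Assumed format:
#   <ISO timestamp> <host> <event> dest=<ip:port>
# proxy_fail = a request through the configured proxy failed
# direct     = the perimeter firewall saw the host connect without the proxy
SAMPLE_EVENTS = [
    "2018-01-01T10:00:01 ws-014 proxy_fail dest=203.0.113.10:80",
    "2018-01-01T10:00:04 ws-014 direct dest=203.0.113.10:80",
    "2018-01-01T10:05:00 ws-022 proxy_fail dest=198.51.100.7:443",
    "2018-01-01T10:20:00 ws-022 direct dest=198.51.100.7:443",  # outside window
    "2018-01-01T10:30:00 ws-031 direct dest=192.0.2.55:80",     # no prior failure
    "malformed line",
]


def parse_event(line):
    """Return (time, host, event, dest), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].startswith("dest="):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return when, parts[1], parts[2], parts[3][len("dest="):]


def find_proxy_fallback(lines, window=timedelta(seconds=60)):
    """Flag hosts that reach a destination directly soon after the proxy failed for it."""
    last_fail = {}  # (host, dest) -> time of the most recent proxy failure
    hits = []
    events = sorted(e for e in map(parse_event, lines) if e is not None)
    for when, host, event, dest in events:
        key = (host, dest)
        if event == "proxy_fail":
            last_fail[key] = when
        elif event == "direct" and key in last_fail:
            delay = when - last_fail[key]
            if timedelta(0) <= delay <= window:
                hits.append((host, dest, delay.total_seconds()))
    return hits


if __name__ == "__main__":
    for host, dest, delay in find_proxy_fallback(SAMPLE_EVENTS):
        print(f"{host}: direct connection to {dest} {delay:.0f}s after proxy failure")
```
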