silversurfer
AZORult has its history. However, a few days ago, we discovered what appears to be one of its most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows.
The campaign started at the end of November 2019 when the threat actor behind it registered a new domain under the name protonvpn[.]store. The registrar used for this campaign is from Russia.
We have found that at least one of the infection vectors is through affiliation banner networks (malvertising).
When the victim visits a counterfeit website and downloads a fake ProtonVPN installer for Windows, they receive a copy of the AZORult botnet implant. [.....]
AZORult spreads as a fake ProtonVPN installer

