Malware News Updated AZORult Spyware Comes with Sophisticated New Techniques

silversurfer

An updated version of the AZORult spyware has been sighted as the payload in a large spam campaign – just one day after debuting on the Dark Web.

AZORult steals information and can download additional malware; it’s been around since at least 2016, when Proofpoint researchers identified it as part of a secondary infection via the Chthonic banking trojan. It’s become fairly common in a range of malspam attacks since then, the firm noted – but the authors have now released what researchers termed in a Monday posting “a substantially updated version.”

The upgraded code has a raft of sophisticated improvements, including the ability to steal histories from non-Microsoft browsers; a conditional loader that checks certain parameters before running the full malware; support for Exodus, Jaxx, Mist, Ethereum, Electrum and Electrum-LTC cryptocurrency wallets; the ability to use system proxies; and a few administrative tweaks, like location awareness and the ability to more easily delete spy reports that don’t have useful information.