An AZORult campaign to steal cryptocurrencies

Kaspersky researchers have discovered an unusual malicious campaign that uses a deceptive copy of a well-known VPN service's website to spread AZORult, a Trojan disguised as a Windows installer.

In 2019, AZORult malware targeted more than 40,000 users in the Middle East. The campaign was launched in November 2019 with the registration of a fake website, and its activity is currently focused on stealing the affected user's personal information and cryptocurrency.

This shows that, despite reports that demand for cryptocurrency has fallen sharply, cybercriminals are still trying to steal it.

AZORult is one of the most widely bought and sold stealers in the Russian hacker community, owing to its powerful features.

The Trojan is a serious threat to anyone whose computer is infected, because it can collect many types of data, including browser history, login credentials, cookies, files stored in folders, and cryptocurrency wallet files. It can also be used as a loader to download other malware.

In a world where great effort goes into protecting and maintaining privacy, VPN services play a vital role: they provide additional data protection and safe access to the internet. Cybercriminals, however, are taking advantage of the growing popularity of VPN services by imitating them to launch malicious attacks, as in the AZORult campaign described here.

Links to such domains and websites are widely distributed through ads on various advertising networks. This practice is known as malicious advertising (malvertising).

A victim who visits the phishing site is prompted to download a free VPN installer. Once the fake VPN installer for Windows is downloaded and run, it installs a copy of the AZORult bot without the victim's knowledge. Once running, the bot collects information about the environment of the infected device and immediately sends it to the server.

Finally, the cybercriminals steal cryptocurrency from locally available wallets (Electrum, Takween, Ethereum and others), as well as saved login passwords for tools such as WinSCP, Pidgin, OpenVPN, etc.

Once the activity was detected, Kaspersky immediately notified the affected VPN service provider of the incident and blocked the fake website.

"This event is a good example of the low level of security available for our personal information today. To protect this information, we encourage users to take additional precautions, especially when browsing the Internet," said Dmitry Pestov, head of the global research and analysis team at Kaspersky Latin America. "That is why it is necessary to install a network security solution on every device. When phishing attacks occur through websites, it is difficult for users to distinguish between real and fake versions, and since cyber criminals generally benefit from well-known brands, it is impossible for this trend to go down."

Dmitry added: "We also highly recommend using a VPN to protect data exchange over the internet. However, it is also important to know the source of the VPN software download."

Kaspersky detects this threat under the name HEUR:Trojan-PSW.Win32.Azorult.gen.

To reduce the risk of infection by Trojans such as AZORult, Kaspersky recommends that users follow these guidelines:

  • Confirm that the site is genuine. Do not visit a website until you are sure it is legitimate and its address starts with https. Check the URL format or retype the company name, verify the website's identity, and check the domain registration information before downloading software.
  • Store cryptocurrencies in secure wallets and offline wallets to reduce the risk of money theft.
  • Try to keep passwords and other personal information, including wallet keys, in a password manager (such as Kaspersky Password Manager). The app securely stores your data in a private encrypted vault.
  • Use a safe and reliable solution, such as Kaspersky Total Security, that protects the device from various threats, including phishing attacks.




