New AZORult Phishing Campaign Noticed by Cofense

July 11, 2018


Prominent anti-phishing vendor Cofense has identified a new AZORult phishing campaign. AZORult is an information stealer capable of stealing cookies, saved passwords, payment card data, browser autocomplete data, Bitcoin wallet information, and email, FTP, and XMPP client credentials.

The latest campaign uses malicious email attachments to distribute a new variant of the malware. Version 3 of AZORult includes anti-analysis protections and can detect whether it is running in a virtual machine or sandbox. The malware also has new capabilities: it can capture and exfiltrate screenshots, harvest Skype and Jabber program logs and chat histories, and it now encrypts communications between the infected endpoint and its command-and-control (C2) panel. The newest variant also supports blockchain-based DNS infrastructure.

AZORult is distributed through phishing emails and uses a range of methods to download the malicious payload. Previously, the threat actors behind the malware used intermediary loaders such as Seamless and Ramnit to deliver AZORult. The latest campaign relies on tried-and-tested delivery methods such as exploiting vulnerabilities and using macros, which are much more efficient ways of delivering the malicious payload.

Cofense notes that, in contrast to many other information stealers still in circulation, this variant communicates with its C2 server only twice before deleting its own binary. This helps the malware evade network logging systems that are not tuned to look for such short-lived communication, and it makes detection harder for incident response teams.
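The "talk twice, then go quiet" pattern described above is something a defender can look for in ordinary outbound connection logs: a source host that contacts a destination only once or twice within a short window and then never speaks to it again. The script below is an added illustration, not code from Cofense or the article; the log format (timestamp, source, destination, port, bytes out), the sample entries and the thresholds (at most 2 connections, within 5 minutes, followed by at least 10 minutes of silence) are all constructed assumptions.

```python
"""Flag short-lived, low-count outbound sessions that stop abruptly.

Added example for hunting the two-beacon-then-silence behaviour described
in the article. Log format, thresholds and sample data are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall/proxy log: "timestamp src dst dport bytes_out".
# 10.0.0.5 contacts 203.0.113.7 twice in a few seconds and then never again;
# 10.0.0.9 keeps a regular, ongoing session with a normal web server.
SAMPLE_LOG = """\
2018-07-11T09:00:01 10.0.0.5 203.0.113.7 443 612
2018-07-11T09:00:04 10.0.0.5 203.0.113.7 443 9180
2018-07-11T09:00:10 10.0.0.9 198.51.100.20 443 300
2018-07-11T09:05:10 10.0.0.9 198.51.100.20 443 300
2018-07-11T09:10:10 10.0.0.9 198.51.100.20 443 300
2018-07-11T09:15:10 10.0.0.9 198.51.100.20 443 300
2018-07-11T09:20:00 10.0.0.5 198.51.100.20 443 300
"""


def parse_log(text):
    """Parse the constructed log format into a list of dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, bytes_out = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "dst": dst,
            "dport": int(dport),
            "bytes_out": int(bytes_out),
        })
    return records


def find_short_lived_beacons(text, max_beacons=2,
                             window=timedelta(minutes=5),
                             quiet=timedelta(minutes=10)):
    """Return (src, dst) pairs with few connections, all inside `window`,
    followed by at least `quiet` with no further traffic to that destination
    before the end of the log. Thresholds are assumptions to tune per site."""
    records = parse_log(text)
    if not records:
        return []
    log_end = max(r["ts"] for r in records)

    # Group every connection by (src, dst) so each pair can be judged on its own.
    sessions = defaultdict(list)
    for r in records:
        sessions[(r["src"], r["dst"])].append(r)

    findings = []
    for (src, dst), conns in sessions.items():
        conns.sort(key=lambda r: r["ts"])
        first, last = conns[0]["ts"], conns[-1]["ts"]
        burst_is_short = (last - first) <= window
        went_silent = (log_end - last) >= quiet
        if len(conns) <= max_beacons and burst_is_short and went_silent:
            findings.append({
                "src": src,
                "dst": dst,
                "count": len(conns),
                "first": first.isoformat(),
                "last": last.isoformat(),
                "bytes_out": sum(r["bytes_out"] for r in conns),
            })
    return findings


if __name__ == "__main__":
    for f in find_short_lived_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}: {f['count']} connection(s), "
              f"{f['bytes_out']} bytes out, {f['first']} .. {f['last']}")
```

On the constructed sample this reports only the 10.0.0.5 to 203.0.113.7 pair; the single late connection from 10.0.0.5 to the web server is not flagged because the log ends immediately after it, so there is no observed silence yet. The same logic runs unchanged over a longer export, and the flagged pairs are a starting point for pivoting to endpoint telemetry (process creation and file deletion around the timestamps), not a verdict on their own.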

Cofense suspects that the threat actors behind the malware will add functionality to exploit further vulnerabilities, in particular CVE-2017-11882, CVE-2017-0199, and CVE-2017-8750.

To strengthen defenses against email-based attacks, organizations should ensure employees are trained to recognize threats and report them to their security teams. Cofense has developed a wide range of training content and a phishing simulation platform to make it easier for businesses to turn employees into security assets.

Staying safe against modern malware threats requires good threat intelligence. Cofense has built such a service, Cofense Intelligence, to ensure security teams have timely information about new techniques being developed and new malware variants being used in real-world attacks. Being alert is being prepared.