SituationAZORult is a trojan malware designed to extract data from the attacked system. Data can include passwords, cookies, files, wallet.dat data and more.
In July 2018, AZORult was substantially updated with Hermes ransomware. The update includes the ability to steal from non-Microsoft browsers, an improved loader, ability to use system proxies, and added support for cryptocurrency wallets.
The new version was seen in a large email campaign on July 18, one day after being released on the Dark Web. The campaign targeted North America with job-related subjects, luring victims into enabling macros which would download the Hermes ransomware.
Below is a two-step recommendation to address this vulnerability in your environment:
- Ensure all Operating System and Anti-Virus systems are up to date and patched.
- Follow best practices when opening emails. https://www.phishing.org/10-ways-to-avoid-phishing-scams