
DataEndure Blog


Security Advisory: AZORult Trojan Malware Updated with Hermes Ransomware

Shahin Pirooz | Aug 16, 2018 1:25:50 PM

Situation

AZORult is a trojan malware designed to extract data from the attacked system. Data can include passwords, cookies, files, wallet.dat data and more.

Problem

In July 2018, AZORult was substantially updated with Hermes ransomware. The update includes the ability to steal from non-Microsoft browsers, an improved loader, the ability to use system proxies, and added support for cryptocurrency wallets.

Implication 

The new version was seen in a large email campaign on July 18, one day after being released on the Dark Web. The campaign targeted North America with job-related subjects, luring victims into enabling macros, which would then download the Hermes ransomware.

Need

Below is a two-step recommendation to address this vulnerability in your environment:

  1. Ensure all operating systems and anti-virus systems are up to date and patched.
  2. Follow best practices when opening emails. https://www.phishing.org/10-ways-to-avoid-phishing-scams 

 
