A new and improved version of the infostealer and malware downloader Azorult was spotted being distributed by the RIG exploit kit.
Check Point researchers report that the malware has been heavily upgraded (labeled version 3.3 by its creators) and has been available for sale on the Dark Web since early October. The release of a new version came as no surprise to Check Point: the code for the previous two versions had been made public, which reduced their value to the sellers.
The most prominent changes center on a new encryption method for the embedded command-and-control (C&C) domain string and a new method of connecting to the C&C server.
The Dark Web ad also listed:
- Added support for stealing the following wallet credentials: BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore, Exodus Eden
- Cryptocurrency wallet’s stealer component has been improved.
- The loader component was fixed and improved, allowing bat files to be loaded and executed with no errors.
- Lowered AV detection rate, increased successful installation rate.
- Slight improvement in admin panel’s performance.
The publishers also used the new release to fix a bug in the loader functionality that had prevented bat files from loading and executing properly.