There’s an updated version of the Azorult malware on the loose, so if your business processes payments of any kind, you and your employees should listen up. Everyone should be on the lookout for this one!
Azorult is a form of malware that has been identified as a trojan and is spread primarily via email. This specific trojan targets your payment information, including cryptocurrency wallets and other financial credentials. Azorult is unique in that while it steals information, it also downloads ransomware. The ransomware then holds your system hostage and demands a ransom in exchange for the release of your data.
Since Azorult is a trojan, it first disguises itself as something else in order to gain access to your systems. In this case, Azorult tends to come in the form of an email that looks like it’s employment related (subject line: “Job Application” or “Resume Included”). The email contains an attachment, which is typically a text document that looks as if it’s encrypted with a password.
Because there’s nothing nefarious within the email or within the document itself, Azorult can easily make its way past antimalware and antivirus scanners. However, once the user downloads the document and enters the password that’s included in the body of the email, their system begins running macros that download Azorult to their system, which then downloads the Hermes ransomware as well.
Interestingly, a new version of Azorult has been discovered with improved capabilities. In fact, the most recent update was in June 2018 and it seems as if its creators are intent on introducing new features. What’s more, it’s for sale on the dark web.
The first line of defense against any virus or malware is end-user knowledge. Yes, antivirus and antimalware programs and firewalls are key, but as this particular malware demonstrates, sometimes a bad guy can slip through the cracks.
One thing you can do is ensure that your employees are always vigilant about what types of emails they open and files they download. This can go a long way in protecting your organization.
Viruses don’t come into your inbox with a subject line that says “I’m something bad!”
Azorult tends to arrive looking like a resume submission. Your HR department probably gets a lot of legitimate emails every day that look exactly like an Azorult email. So your staff needs to pay attention to other red flags, such as the encrypted “resume” that is attached and can only be opened using the password in the email. Employees in other departments who wouldn’t usually have anything to do with hiring, and for whom it would be incredibly out of the norm to receive a resume submission, should immediately delete these emails and notify the proper IT authorities so that they can warn other users.
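The same red flags can be checked automatically before a message reaches an inbox. The Python below is an added example, not code from the original article: it flags mail that combines the subject lines named above, an attachment, and a password handed over in the body. The function names, the password-phrase pattern, and the check for a password-protected Office file (an OLE container with an `EncryptedPackage` stream) are assumptions, and the sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Subject lines named in the article (lower-cased for comparison).
LURE_SUBJECTS = ("job application", "resume included")
# Assumption: the body hands over the password in a phrase like "password is X".
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)\s*(?:is|:)\s*\S+", re.I)
# Assumption: password-protected Office files are OLE containers that carry
# an "EncryptedPackage" stream (name stored as UTF-16LE).
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ENCRYPTED_STREAM = "EncryptedPackage".encode("utf-16-le")

def is_encrypted_office(data: bytes) -> bool:
    return data.startswith(OLE_MAGIC) and ENCRYPTED_STREAM in data

def score_message(raw: bytes) -> dict:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    payloads = [a.get_payload(decode=True) or b"" for a in msg.iter_attachments()]
    flags = {
        "lure_subject": any(s in subject for s in LURE_SUBJECTS),
        "has_attachment": bool(payloads),
        "password_in_body": bool(PASSWORD_HINT.search(body)),
        "encrypted_attachment": any(is_encrypted_office(p) for p in payloads),
    }
    # Hold for review: an attachment plus its password in the same mail,
    # combined with either the lure subject or an unscannable document.
    flags["quarantine"] = (flags["has_attachment"] and flags["password_in_body"]
                           and (flags["lure_subject"] or flags["encrypted_attachment"]))
    return flags

def build_sample(subject: str, body: str, filename: str, payload: bytes) -> bytes:
    """Construct a test message (constructed data, not a real sample)."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "applicant@example.com", "hr@example.com"
    m.set_content(body)
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_doc = OLE_MAGIC + b"\x00" * 64 + ENCRYPTED_STREAM  # constructed bytes
    lure = build_sample("Job Application", "Resume attached. The password is 1234.", "resume.doc", fake_doc)
    benign = build_sample("Job Application", "Please find my resume attached.", "resume.pdf", b"%PDF-1.4")
    print(score_message(lure))
    print(score_message(benign))
```

A legitimate resume with the same subject line but no password in the body is not held, which keeps the HR inbox usable.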