Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

STOP Ransomware installs AZORult trojan onto victims’ systems to steal credentials

The AchieVer

By The AchieVer
in Security & Privacy News

Recommended Posts

The AchieVer

The AchieVer

Posted
Posted

STOP Ransomware installs AZORult trojan onto victims’ systems to steal credentials

 

ransomware,hacker,secure,money,policy,key,virus,pay,online,antivirus,laptop,internet,detection,alert,banknote,bug,business,communication,connection,danger,data,device,digital,error,failure,folder,hacking,holding,infected,infection,malware,map,notebook,payment,red,risk,safe,screen,security,spam,spyware,technology,threat,trojan,unlock,victim,warning,wireless,world
 
  • STOP has now started installing AZORult info-stealing trojan onto victims’ systems to steal account credentials, browser history, desktop files, cryptocurrency wallets, and more.
  • The files downloaded by the STOP ransomware generated network traffic associated with the AZORult infection.

 

STOP Ransomware is known for encrypting victims’ files, in addition to this, STOP has now started installing AZORult info-stealing trojan onto victims’ systems to steal account credentials, browser history, desktop files, cryptocurrency wallets, and more.

 

The collected information is then sent to the server operated by the attackers.

Worth noting 

Security researcher Michael Gillespie tested some recent variants of the STOP ransomware and observed that an Any.Run install indicated that one of the files downloaded by the STOP ransomware created network traffic associated with the AZORult infection. 

Promorad variant

BleepingComputer team downloaded and installed a sample of Promorad variant of the STOP ransomware to check if AZORult would be installed. 

 

  • Upon installing the Promorad variant, it downloaded the files and encrypted the computer. 
  • The encrypted files were appended with the .promorad extension.
  • The ransomware created a ransom note named _readme.txt.
  • The Promorad variant also downloaded and executed a file named ‘5.exe’.
  • This file, when executed, creates network traffic that is associated with the C&C server communications for the AZORult trojan. 

 

“Furthermore, when this file was scanned using VirusTotal, numerous security vendors detect this file as a password-stealing Trojan,” BleepingComputer reported.

 

What you should do?

  • Researchers request STOP ransomware infected victims to immediately change all the passwords associated with their online accounts.
  • Researchers recommend resetting passwords that are saved in browsers.
  • They also recommend victims to change passwords in software such as Skype, Steam, Telegram, and FTP Clients. 
  • Victims should also ensure any files stored on the Windows desktop for private information are secured.

 

 

 

 

 

Source

Link to comment
Share on other sites
  • Views 336
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...