What is Azorult?
Azorult (S0344) is an infostealer used by cybercriminals for credential theft and financial gain. A distinguishing feature of Azorult is its focus on cryptocurrency theft.
Azorult malware searches infected systems for crypto wallets and exfiltrates their private keys. It also harvests browser history, cookies, and saved passwords, and can be used to download and install additional malware.
How to Defend Against Azorult?
Defending against Azorult requires preventing its initial infection and detecting its data exfiltration.
- Be cautious with email attachments and links, as phishing is a primary delivery vector for this infostealer.
- Keep all operating systems and software patched to limit the vulnerabilities that can be exploited for initial access.
- Deploy endpoint detection and antivirus to identify and block the malware’s execution and its information-stealing behaviors.
- Use network detection and response (NDR) with integrated threat intelligence to spot and block the exfiltration of stolen data to C2 servers.
- Secure cryptocurrency wallets with hardware devices or offline storage to protect private keys even if a system is compromised.
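
The endpoint-detection point above can be turned into a behavioral rule: flag any unexpected process that opens several kinds of the data stores Azorult harvests (wallets, cookies, saved passwords, history) within a short window. The following is an added example, not part of the original page; the event tuple format, the default Chromium/Firefox/Bitcoin Core file names, the allowlist, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed default file names for the stores named above; extend for deployed software.
SENSITIVE = {
    "login data": "saved_passwords", "logins.json": "saved_passwords",
    "cookies": "cookies", "cookies.sqlite": "cookies",
    "history": "history", "places.sqlite": "history",
    "wallet.dat": "crypto_wallet",
}
# Processes expected to open these stores. Name matching is spoofable, so a
# production rule should also check the full image path or code signature.
EXPECTED_READERS = {"chrome.exe", "msedge.exe", "firefox.exe", "bitcoin-qt.exe"}

# Constructed sample file-open events: (epoch seconds, pid, process image, file).
PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
WALLET = r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
UNKNOWN = r"C:\Users\alice\AppData\Local\Temp\invoice_viewer.exe"
SAMPLE_EVENTS = [
    (1000, 2208, CHROME, PROFILE + r"\Login Data"),   # browser reading its own data
    (1001, 2208, CHROME, PROFILE + r"\Cookies"),
    (5000, 3100, r"C:\Tools\backup.exe", WALLET),      # one category only
    (9000, 4312, UNKNOWN, PROFILE + r"\Login Data"),  # three categories in 5 seconds
    (9002, 4312, UNKNOWN, PROFILE + r"\Cookies"),
    (9005, 4312, UNKNOWN, WALLET),
]

def find_stealer_like_access(events, window=60, min_categories=2):
    """Alert on unexpected processes touching >= min_categories store types in `window` s."""
    hits = defaultdict(list)  # (pid, image) -> [(timestamp, category)]
    for ts, pid, image, path in events:
        category = SENSITIVE.get(PureWindowsPath(path).name.lower())
        if category and PureWindowsPath(image).name.lower() not in EXPECTED_READERS:
            hits[(pid, image)].append((ts, category))
    alerts = []
    for (pid, image), seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            # Distinct store types opened within the window starting at this event.
            cats = {c for t, c in seen[i:] if t - start <= window}
            if len(cats) >= min_categories:
                alerts.append({"pid": pid, "image": image, "categories": sorted(cats)})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_stealer_like_access(SAMPLE_EVENTS):
        print(alert)
```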



