Fake Windows PC Cleaner Drops AZORult Info-Stealing Trojan (Apr 27, 2019)
Researchers have discovered a fake PC cleaner that installs the information-stealing trojan AZORult. The tool had its own website presenting it as a legitimate Windows junk-cleaner called "G-Cleaner." When a user downloads and runs the fake tool, it looks like any other PC cleaner and pretends to scan the computer for junk files. In the background, the AZORult malware runs and steals the device's cryptocurrency wallet information, passwords, and other data. It then contacts its Command and Control (C2) server, encrypts the stolen information and sends it to the C2, and finally removes itself from the machine.
Recommendation: Research software and the websites that distribute it, especially insecure domains, before downloading anything from them. This story illustrates the dangers of downloading free program bundles: the appeal of free, potentially useful software leads some users to infect their own machines with malware. Free software should be carefully researched before it is downloaded, and on company networks these downloads can be prevented by having policies in place.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.