Quote:A fake ProtonVPN website was used since November 2019 to deliver the AZORult information-stealing malware to potential victims in the form of fake ProtonVPN installers as discovered by security researchers at Kaspersky.
 
ProtonVPN is a security-focused open-source virtual private network (VPN) service provider developed and operated by Proton Technologies AG, the Swiss company behind the end-to-end encrypted email service ProtonMail.
 
AZORult is an ever-evolving data-stealing Trojan selling for roughly $100 on Russian underground forums, also known to act as a downloader for other malware families when used in multi-stage campaigns.
This Trojan was previously spotted by researchers as part of large scale malicious campaigns spreading ransomware, data and cryptocurrency stealing malware.
 
AZORult is designed to collect and deliver as much sensitive information as possible to its operators, from files, passwords, cookies, and browser history to cryptocurrency wallets and banking credentials once it infects a targeted machine.