
Topic: AZORult stealer targets crypto wallets with a sophisticated HTML smuggling (Read 139 times)

hero member
Activity: 2954
Merit: 725
Top Crypto Casino
This has been my recommendation to my friends: use Linux, since almost everything can be done with it. At the same time you don't have to worry about expensive licenses on Linux, since there is alternative software like office suites, and most viruses/malware will not run on it. I used it before and must say it worked like a charm; just use Ubuntu Desktop and you're good to go.
It's because they have a smaller userbase and hackers won't waste time on it, as the majority of people are using either macOS or Windows. One thing they can learn from using Linux is that there's also a career in it: they can become Linux systems administrators, so it's a double benefit for them. They're able to at least decrease the chances of dealing with these stealers and attackers, and at the same time they learn a new skill once they've gotten used to the Linux environment. But still, it's not 100% certain that they won't be targeted by attackers/hackers.

Although, according to this report: Linux malware is on the rise—6 types of attacks to look for.

I think what is more prevalent as an attack is cryptojacking, because they can really harness those individuals using Linux-flavored OSes.

So it means no one is really immune to such attacks, and the numbers are growing for Linux as well. But obviously, 80% could be on Chrome-based browsers, as security is not that high and the majority of us have been "programmed" to use them.
That's right, attacks are fewer, but it doesn't mean that Linux users or other Linux distributions are immune to such attacks. These attackers are more likely focusing on the ones with a huge userbase, and that's why we keep seeing those attacks on Windows users. But it doesn't give an exception to Linux users. And what matters here is that whatever OS you use, you still need to be careful with all of them, and start with yourself and how you use your computers or any devices, as any kind of attack might come to you if you aren't careful enough.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿

Well done, this is exactly one of those ways that smart people get scammed; it turned out that no one is ever smart after all. When it comes to PCs, I don't want to know how strong and smart you are; it's easier to get compromised, one thing will lead to another, and you will be left asking yourself how you did something wrong.

Even if you are using Linux you can still make a mistake; we are not AI or machines, we are human, and making some mistakes will always be a part of us. The only way to stay safe from scams like this is keeping your crypto off your computers.

Using a smartphone for everyday internet surfing is even safer than using a PC. It took me one time to format my smartphone in two years after purchase, but it took me 13 times to format my PC in two years, and this is with antivirus installed.

Malware attacks, trojans and spyware are everywhere; you can't always be safe from all of them, but this is less, or even way less, on smartphones. Now back to crypto: it's better to keep your coins in a hardware wallet that doesn't need a PC to function; make sure it's the offline type.

I don't agree. It probably all depends on human interests. I don't communicate on social networks, I don't download anything from the Internet, I don't use my personal email everywhere, but only where I confidently know the sources that can send me a letter.
If you use Linux, you basically don't need an antivirus. But again, it all depends on the user. Games and trips to porn sites, of course, will populate your computer with various viruses, but separating browsers, namely the use of sandboxes, and of course separating your financial life from simple surfing, and thinking about what you want to see from the link offered to you, will remove the fear of receiving malicious software.
There are several computers and several gadgets in my house; I don't remember when and what I formatted, causing harm to hard drives, especially mobile devices (this looks like paranoia). Grin
But I don't argue with or dissuade you from loving Windows, although I will very much disagree with the conclusion that viruses are everywhere. But I always give permission for updates that are required for security.
I always remember the expression: "A monkey with a grenade is always dangerous!"
sr. member
Activity: 714
Merit: 296
Cashback 15%
As far as I understand, the stealer hunts for Windows users by installing a shortcut in the form of a PDF file. But we must already remember that files with the PDF and DOCX extensions themselves often carry the danger of viruses, and it is not recommended to open them unless you know who could have sent them to you.
One thing I can recommend is to be attentive to your clicks on links so as not to end up on a phishing site. Use a virtual machine if the file is very interesting and necessary, but it's better to start learning Linux.
This is very wise advice, but I personally feel you can't be too secure. Let's say you are very watchful about your clicks and you have been going about your duties online in a safe manner, but you get such a PDF sent to you by a trusted person who harmlessly thought they were doing you a favor, because maybe the PDF is a potential job for you or something else, but it turns out to be a phishing link or malware.

You can't be completely secure; that is why you need to have a cold storage wallet. Having this would give you the satisfaction of safety at no cost: get a device that remains offline, as there are lots of ways to get attacked by being online.

You can use this to set it up.
https://electrum.readthedocs.io/en/latest/coldstorage.html

Well done, this is exactly one of those ways that smart people get scammed; it turned out that no one is ever smart after all. When it comes to PCs, I don't want to know how strong and smart you are; it's easier to get compromised, one thing will lead to another, and you will be left asking yourself how you did something wrong.

Even if you are using Linux you can still make a mistake; we are not AI or machines, we are human, and making some mistakes will always be a part of us. The only way to stay safe from scams like this is keeping your crypto off your computers.

Using a smartphone for everyday internet surfing is even safer than using a PC. It took me one time to format my smartphone in two years after purchase, but it took me 13 times to format my PC in two years, and this is with antivirus installed.

Malware attacks, trojans and spyware are everywhere; you can't always be safe from all of them, but this is less, or even way less, on smartphones. Now back to crypto: it's better to keep your coins in a hardware wallet that doesn't need a PC to function; make sure it's the offline type.
hero member
Activity: 812
Merit: 560
Scammers are just busy devising new means of stealing other people's assets instead of using such potential to build up what is good for them and that could help others benefit. I can't imagine the way people are so desperate for others' downfall; a cheap means of acquiring wealth is what some people want, and they don't mind giving it all it could require for them to realize their target. We also have to be on the lookout for any related attempts, to stay safe as we are informed.
hero member
Activity: 1260
Merit: 515
This has been my recommendation to my friends: use Linux, since almost everything can be done with it. At the same time you don't have to worry about expensive licenses on Linux, since there is alternative software like office suites, and most viruses/malware will not run on it. I used it before and must say it worked like a charm; just use Ubuntu Desktop and you're good to go.
It's because they have a smaller userbase and hackers won't waste time on it, as the majority of people are using either macOS or Windows. One thing they can learn from using Linux is that there's also a career in it: they can become Linux systems administrators, so it's a double benefit for them. They're able to at least decrease the chances of dealing with these stealers and attackers, and at the same time they learn a new skill once they've gotten used to the Linux environment. But still, it's not 100% certain that they won't be targeted by attackers/hackers.

Although, according to this report: Linux malware is on the rise—6 types of attacks to look for.

I think what is more prevalent as an attack is cryptojacking, because they can really harness those individuals using Linux-flavored OSes.

So it means no one is really immune to such attacks, and the numbers are growing for Linux as well. But obviously, 80% could be on Chrome-based browsers, as security is not that high and the majority of us have been "programmed" to use them.
hero member
Activity: 2954
Merit: 725
Top Crypto Casino
This has been my recommendation to my friends: use Linux, since almost everything can be done with it. At the same time you don't have to worry about expensive licenses on Linux, since there is alternative software like office suites, and most viruses/malware will not run on it. I used it before and must say it worked like a charm; just use Ubuntu Desktop and you're good to go.
It's because they have a smaller userbase and hackers won't waste time on it, as the majority of people are using either macOS or Windows. One thing they can learn from using Linux is that there's also a career in it: they can become Linux systems administrators, so it's a double benefit for them. They're able to at least decrease the chances of dealing with these stealers and attackers, and at the same time they learn a new skill once they've gotten used to the Linux environment. But still, it's not 100% certain that they won't be targeted by attackers/hackers.
legendary
Activity: 3066
Merit: 1352
As far as I understand, the stealer hunts for Windows users by installing a shortcut in the form of a PDF file. But we must already remember that files with the PDF and DOCX extensions themselves often carry the danger of viruses, and it is not recommended to open them unless you know who could have sent them to you.
One thing I can recommend is to be attentive to your clicks on links so as not to end up on a phishing site. Use a virtual machine if the file is very interesting and necessary, but it's better to start learning Linux.
This has been my recommendation to my friends: use Linux, since almost everything can be done with it. At the same time you don't have to worry about expensive licenses on Linux, since there is alternative software like office suites, and most viruses/malware will not run on it. I used it before and must say it worked like a charm; just use Ubuntu Desktop and you're good to go.

Yes, I do agree that it is recommended to use Linux, although there is also malware that targets this OS. However, it's not as friendly as other OSes, which is why it's not as popular as Windows.

But if you are a person that really takes precautions and is serious about your hardware (laptop/PC), use Unix flavors. I have an old laptop on which I installed Linux, and this is what I have used for the last couple of years.
full member
Activity: 532
Merit: 125
Defend Bitcoin and its PoW: bitcoincleanup.com
As far as I understand, the stealer hunts for Windows users by installing a shortcut in the form of a PDF file. But we must already remember that files with the PDF and DOCX extensions themselves often carry the danger of viruses, and it is not recommended to open them unless you know who could have sent them to you.
One thing I can recommend is to be attentive to your clicks on links so as not to end up on a phishing site. Use a virtual machine if the file is very interesting and necessary, but it's better to start learning Linux.
This has been my recommendation to my friends: use Linux, since almost everything can be done with it. At the same time you don't have to worry about expensive licenses on Linux, since there is alternative software like office suites, and most viruses/malware will not run on it. I used it before and must say it worked like a charm; just use Ubuntu Desktop and you're good to go.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
Since the malware only attacks Chrome and Firefox extensions, it's another reason why we need to use Linux.
Yes, I believe you're right about using Linux, but such malware can also affect those Linux users who have installed WineHQ on Linux. The .exe file can execute on their machines if they have WineHQ.

In fact, the reality is that most malware is created to attack Windows users; the simple reason for that is the number of users who use the Windows operating system as compared to other operating systems.

I think we should always be careful as crypto users, because even a simple PDF file is enough to compromise someone's system. Those hackers mostly target users who look for free PDF files.

The malware is also known for stealing someone's browser data like cookies and other credentials. That's why it's very important to be aware of such malware and stop opening pages without proper knowledge.
hero member
Activity: 1498
Merit: 702
As far as I understand, the stealer hunts for Windows users by installing a shortcut in the form of a PDF file. But we must already remember that files with the PDF and DOCX extensions themselves often carry the danger of viruses, and it is not recommended to open them unless you know who could have sent them to you.
One thing I can recommend is to be attentive to your clicks on links so as not to end up on a phishing site. Use a virtual machine if the file is very interesting and necessary, but it's better to start learning Linux.
This is very wise advice, but I personally feel you can't be too secure. Let's say you are very watchful about your clicks and you have been going about your duties online in a safe manner, but you get such a PDF sent to you by a trusted person who harmlessly thought they were doing you a favor, because maybe the PDF is a potential job for you or something else, but it turns out to be a phishing link or malware.

You can't be completely secure; that is why you need to have a cold storage wallet. Having this would give you the satisfaction of safety at no cost: get a device that remains offline, as there are lots of ways to get attacked by being online.

You can use this to set it up.
https://electrum.readthedocs.io/en/latest/coldstorage.html
sr. member
Activity: 812
Merit: 260
Why should anyone open a PDF file that isn't theirs? Anyway, this is one of the reasons why I will always hate PCs for storing anything crypto related; it's a bad idea for anyone, because you can one day click on something unknowingly and everything is gone.

A cousin of mine lost his wallet too using his laptop; he claimed he was drunk that day, but he needed to make some transactions because his little sister was waiting on him to settle some debts at school.

See, the thing is, it's very easy to mess things up using a computer. I am not surprised by what OP shared; there are even many more ways to compromise your crypto wallet on a PC than many know.

I chose peace after going for an air-gapped crypto wallet; now I use my PC to do anything that I like. I don't have to connect my hardware wallet to anything before making transactions, so one more headache is gone. All I should worry about should not go beyond keeping my recovery seed safe, not trying to look out for viruses and spyware on my PC; that's too many things to worry about.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
As far as I understand, the stealer hunts for Windows users by installing a shortcut in the form of a PDF file. But we must already remember that files with the PDF and DOCX extensions themselves often carry the danger of viruses, and it is not recommended to open them unless you know who could have sent them to you.
One thing I can recommend is to be attentive to your clicks on links so as not to end up on a phishing site. Use a virtual machine if the file is very interesting and necessary, but it's better to start learning Linux.
legendary
Activity: 1638
Merit: 1156
It's always been a fake PDF and you need to run it; nowadays it makes me skeptical to open a PDF file even if it was sent by someone I respect or who is highly unlikely to scam. Since the malware only attacks Chrome and Firefox extensions, it's another reason why we need to use Linux.

hero member
Activity: 2842
Merit: 772
Another malware in the wild, dubbed AZORult, is using fake Google Sites pages as a front and HTML smuggling to steal sensitive information that includes crypto wallets. It is reported that this malware is on the rise, and probably it's because of the current bull run that we are seeing.

AZORult contains a list of 119 targeted Chrome wallets and 12 Edge wallet extensions.

Quote
we uncovered a campaign wherein an attacker created fake Google Docs pages on Google Sites from which they used HTML smuggling to download malicious payloads. They lure their victims to the fake Google Docs pages to trick them into believing the downloaded file was from Google Docs.

And the payload: the AZORult payload is .NET-compiled. All stolen files and data are then transmitted to the C2 server over HTTP.

Code:
pg20.exe

Targeted Chrome Wallets
[image not reproduced here]

Targeted Edge Wallet
[image not reproduced here]

Targeted Firefox Wallet
[image not reproduced here]

And it looks for this keyword as well:
[image not reproduced here]

So again, cyber criminal activities are ramping up as we go into a bull run already. So we must be very careful time and time again and not let our defenses down, as the attacks are getting more sophisticated by the day. I think we already have enough information in our community on how to protect our wallets. But from time to time it's also good practice to revisit it, just saying.

https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
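As an added illustration (not code from the Netskope write-up or from any poster in this thread), here is a small Python checker for the HTML-smuggling pattern the OP describes: a page that carries the file inline as base64, rebuilds it in the browser as a Blob, and forces a download. The two sample pages, the indicator list, the "payload counts double" weighting and the threshold of 4 are my own constructions and assumptions, chosen so that a single common call such as click() on an ordinary page does not trip the verdict while the full assembly chain does.

```python
import base64
import binascii
import re

# Constructed sample payload: bytes beginning with the ZIP magic ("PK") so the
# decoder has something recognisable to report. Not a real artifact from the campaign.
FAKE_ARCHIVE = b"PK\x03\x04" + b"\x00" * 300
FAKE_ARCHIVE_B64 = base64.b64encode(FAKE_ARCHIVE).decode()

# Constructed page mimicking the HTML-smuggling pattern: the file is embedded as
# base64, rebuilt in the browser as a Blob, and handed to a synthetic download click.
SMUGGLED_PAGE = (
    "<html><body><h1>Google Docs</h1><p>Loading document...</p><script>"
    "var b64='" + FAKE_ARCHIVE_B64 + "';"
    "var bytes=Uint8Array.from(atob(b64),function(c){return c.charCodeAt(0)});"
    "var blob=new Blob([bytes],{type:'application/octet-stream'});"
    "var a=document.createElement('a');a.href=URL.createObjectURL(blob);"
    "a.download='document.zip';a.click();"
    "</script></body></html>"
)

# Constructed benign page: a normal download link and an unrelated click() call,
# to show that one indicator alone does not trip the verdict.
BENIGN_PAGE = (
    "<html><body><a href='report.pdf' download>Quarterly report</a>"
    "<script>document.getElementById('menu').click();</script></body></html>"
)

# Each indicator is one building block of client-side file assembly. Any one of
# them is common on legitimate pages; it is the combination that is unusual.
INDICATORS = {
    "blob_ctor": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"createObjectURL\s*\(", re.I),
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "download_attr": re.compile(r"\bdownload\s*=", re.I),
    "auto_click": re.compile(r"\.click\s*\(\s*\)", re.I),
    "ms_save_blob": re.compile(r"msSaveOrOpenBlob", re.I),
}

# A smuggled file shows up as a long run of base64 text inside the page.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def find_embedded_payloads(html):
    """Decode long base64 runs and report size plus a few magic-byte checks."""
    found = []
    for m in B64_RUN.finditer(html):
        raw = m.group(0)
        try:
            data = base64.b64decode(raw + "=" * (-len(raw) % 4))
        except (ValueError, binascii.Error):
            continue
        found.append({
            "length": len(data),
            "magic": data[:4].hex(),
            "is_zip": data[:2] == b"PK",   # ZIP / Office container
            "is_pe": data[:2] == b"MZ",    # Windows executable
        })
    return found


def score_html_smuggling(html, threshold=4):
    """Count indicators, weight an embedded payload double, compare to threshold.

    The threshold and weighting are assumptions for this example, not a published rule.
    """
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    payloads = find_embedded_payloads(html)
    score = len(hits) + (2 if payloads else 0)
    return {
        "hits": hits,
        "payloads": payloads,
        "score": score,
        "verdict": "suspicious" if score >= threshold else "clean",
    }


if __name__ == "__main__":
    for label, page in (("smuggled", SMUGGLED_PAGE), ("benign", BENIGN_PAGE)):
        print(label, score_html_smuggling(page))
```

Run it on saved HTML from a mail gateway or proxy log and the payload report (length and magic bytes) is what you would hand to a sandbox; the indicator hits explain why the page was flagged. Obfuscated JavaScript will defeat these literal regexes, so treat this as a triage aid, not a guarantee.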