Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Bogus Google Sites Spread AZORult

March 19, 2024
Reading Time: 3 mins read
in Alerts

A new malware campaign leveraging counterfeit Google Sites pages and HTML smuggling techniques to distribute the AZORult info-stealer has been uncovered by cybersecurity researchers. The campaign, not yet attributed to a specific threat actor, demonstrates a sophisticated approach to facilitating information theft, with AZORult’s capabilities dating back to 2016. This resurgence involves the creation of bogus Google Docs pages on Google Sites, utilizing HTML smuggling to deploy the payload, effectively bypassing traditional security measures such as email gateways.

AZORult, also known as PuffStealer and Ruzalto, is notorious for its ability to gather sensitive information from compromised systems, including credentials, cookies, browser history, and data from cryptocurrency wallets. This latest campaign employs a series of stealthy techniques, including reflective code loading and AMSI bypass, to execute the info-stealer discreetly, evading detection by host-based anti-malware products like Windows Defender. Furthermore, the use of legitimate domains like Google Sites adds a layer of legitimacy to the phishing scheme, increasing the likelihood of victims falling prey to the malicious payload.

The threat landscape continues to evolve, with threat actors employing innovative tactics to disseminate malware and compromise systems worldwide. In addition to HTML smuggling, recent campaigns have exploited various techniques, such as malicious SVG files and shortcut files packed within archive files, to propagate malware like Agent Tesla, XWorm, and LokiBot. These findings underscore the importance of ongoing vigilance and the implementation of robust security measures to protect against emerging threats.

Moreover, regional targeting adds another dimension to the threat landscape, with users in Latin America facing phishing campaigns impersonating government agencies to distribute remote access trojans like AsyncRAT, njRAT, and Remcos. As cyber adversaries adapt their tactics to exploit vulnerabilities and evade detection, collaboration between cybersecurity experts, government agencies, and industry stakeholders is essential to mitigate the impact of these malicious campaigns and safeguard digital infrastructure from cyber threats.

Reference:
  • From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites

Tags: AZORultCyber AlertCyber Alerts 2024Cyber RiskCyber threatCybersecurityGoogleMalwareMalware CampaignMarch 2024
ADVERTISEMENT

Related Posts

Water Curse Group Hits Developers Via GitHub

Water Curse Group Hits Developers Via GitHub

June 17, 2025
Water Curse Group Hits Developers Via GitHub

XDSpy Exploits Windows LNK Zero Day

June 17, 2025
Water Curse Group Hits Developers Via GitHub

CISA Warns Of Apple Zero Click Exploit

June 17, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

PyPI Malware Steals AWS, CI/CD, macOS Data

June 16, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

Image Hiding in DNS TXT Records

June 16, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

June 16, 2025

Latest Alerts

Water Curse Group Hits Developers Via GitHub

XDSpy Exploits Windows LNK Zero Day

CISA Warns Of Apple Zero Click Exploit

PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

Image Hiding in DNS TXT Records

Subscribe to our newsletter

    Latest Incidents

    Zoomcar Data Breach Hits 8.4 Million Users

    Gunra Claims 45TB Hack On Colombia Justice

    Qilin Gang Leaks Asefa FC Barcelona Data

    Canada WestJet Airline Contains Cyberattack

    Hackers Leak 10K VirtualMacOSX Customer Data

    Washington Post Investigates Cyberattack on Emails

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial