A new malware campaign leveraging counterfeit Google Sites pages and HTML smuggling techniques to distribute the AZORult info-stealer has been uncovered by cybersecurity researchers. The campaign, not yet attributed to a specific threat actor, demonstrates a sophisticated approach to facilitating information theft, with AZORult’s capabilities dating back to 2016. This resurgence involves the creation of bogus Google Docs pages on Google Sites, utilizing HTML smuggling to deploy the payload, effectively bypassing traditional security measures such as email gateways.
AZORult, also known as PuffStealer and Ruzalto, is notorious for its ability to gather sensitive information from compromised systems, including credentials, cookies, browser history, and data from cryptocurrency wallets. This latest campaign employs a series of stealthy techniques, including reflective code loading and AMSI bypass, to execute the info-stealer discreetly, evading detection by host-based anti-malware products like Windows Defender. Furthermore, the use of legitimate domains like Google Sites adds a layer of legitimacy to the phishing scheme, increasing the likelihood of victims falling prey to the malicious payload.
The threat landscape continues to evolve, with threat actors employing innovative tactics to disseminate malware and compromise systems worldwide. In addition to HTML smuggling, recent campaigns have exploited various techniques, such as malicious SVG files and shortcut files packed within archive files, to propagate malware like Agent Tesla, XWorm, and LokiBot. These findings underscore the importance of ongoing vigilance and the implementation of robust security measures to protect against emerging threats.
Moreover, regional targeting adds another dimension to the threat landscape, with users in Latin America facing phishing campaigns impersonating government agencies to distribute remote access trojans like AsyncRAT, njRAT, and Remcos. As cyber adversaries adapt their tactics to exploit vulnerabilities and evade detection, collaboration between cybersecurity experts, government agencies, and industry stakeholders is essential to mitigate the impact of these malicious campaigns and safeguard digital infrastructure from cyber threats.
