
Showing posts with the label persistence

AZORult trojan disguised as Google update installer steals credentials

AZORult hides as a Google Updater program and replaces the legitimate Google Updater program on compromised systems. Because the malware replaces the legitimate Google Updater program, it achieves persistence without having to alter the Windows registry or add any scheduled tasks of its own.

Researchers recently observed the AZORult information stealer malware disguised as a Google Updater program and achieving persistence by replacing the legitimate Google Updater program on the compromised systems. Researchers from Minerva Labs, Asaf Aprozper and Gal Bitensky, detected the malware after they received a GoogleUpdate.exe binary, signed with a valid certificate, which had been blocked by their security tool.

Fake Google Update binary

The researchers noted that the Google Updater program appeared to be legitimate, having the right icon and being signed with a non-revoked certificate. However, upon closer inspection, the researchers found that the binary was actually signed