STOP ransomware encrypts files and steals victim’s data

The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines.

Experts observed the ransomware also installing the dreaded Azorult password-stealing Trojan on victim’s machine to steal account credentials, cryptocurrency wallets, documents and more.

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. Later it was involved in many malspam attacks, but only in July 2018, the authors released a substantially updated variant.

Read More on Security Affairs