Security researchers have discovered a new hacking campaign aimed at spreading the Azorult malware. The hackers behind the campaign are abusing ProtonVPN, presenting Azorult as a ProtonVPN installer to infect Windows computers.
Researchers have identified several victims of Azorult malware. This malware is often sold on Russian hacking forums. It is one of the most expensive and sought-after pieces of malware because it offers a wide range of capabilities.
In this campaign, the hackers created a fake ProtonVPN site, which is an exact copy of the actual ProtonVPN site made with HTTrack. The criminals manage to spread Azorult by presenting it as an installer package for Windows computers.
Attackers use various infection vectors to spread Azorult malware and affect Windows systems. One common method of spreading is malvertising.
If users visit the fake ProtonVPN site and download the fake ProtonVPN installer for Windows, they will receive a copy of the Azorult botnet.
After the computer is infected, Azorult starts collecting system information. It then sends the stolen information to the attackers via a command and control server located on the same server as the fake site, accounts[.]protonvpn[.]store.
According to Kaspersky researchers, the Azorult malware that targets Windows computers is designed so that it can steal: cryptocurrencies (Electrum, Bitcoin, Ethereum, etc.), FTP logins and passwords from FileZilla, e-mail credentials, browser information (including cookies), credentials for WinSCP and Pidgin Messenger, and much more.