Skip to main content

Home AZORult


Also known as: PuffStealer, Rultazo

Category: Malware

Type: Trojan (info stealer)

Platforms affected: Windows

Variants: There are a few variants of AZORult, each with different capabilities that are often updated to evade detection.

Damage potential: Installing other malware, stealing usernames and passwords, credit card details, and crypto wallets.


AZORult was first noticed in 2016. It’s a trojan that’s designed to steal financial information and particularly targets cryptocurrency users. It is believed to have been created by Russian cybercriminals as it was predominantly sold on Russian underground hacking forums. Some variants can create a remote desktop connection with the infected system, allowing the attackers to monitor their victim completely.

Possible symptoms

  • Your computer slows down drastically overnight.
  • An MS Office document asks you to enable macros, but you can’t remember including them in the document.
  • The Task Manager shows unrecognized processes.
  • Your network is busy because of the constant data transmissions.
  • Software and services start notifying you about new logins or unauthorized access attempts.

Sources of the infection

Cybercriminals use AZORult to target individual users. There are two main ways it ends up on your Windows device:

  • You get a phishing email with fake payment information that tricks you into downloading and opening the attachment.
  • You visit a compromised or malicious website that automatically downloads and installs AZORult through a drive-by download.
  • You use a KeyGen to generate activation keys for pirated software and it secretly drops malware into your system.


Try to ensure that the trojan doesn’t get onto your device in the first place. So be cautious when you get unsolicited emails, especially if they have an attachment or links. And try to steer away from dubious websites, and if you do end up in one — don’t click on any of the ads.

You can use NordVPN’s Threat Protection Pro to make your browsing safer and help you avoid malware. It will block your access to malicious websites and scan the files you’re downloading and delete them if malware is found.

AZORult removal

  1. 1.Use an antivirus. Run a full system scan using a recently updated antivirus software to detect and remove AZORult. You can also start your computer in safe mode to limit the malware’s operations and make the removal easier.
  2. 2.Restore your system. Delete everything on your device, restore factory settings, and start fresh. You will lose all the files you store on that computer, but if you have them backed up externally, it’s a reliable way to remove malware.