Last fall, in online communities devoted to cryptocurrencies, the announcement appeared in the application for monitoring the course of cryptocurrencies. The app is free, convenient and even has a valid digital signature. But for the health of hidden malicious functionality.
When installed on the user devices, the program downloads, compiles and executes source code that is downloaded from a personal developer account on Github. Then it loads the Trojan.PWS.Stealer.24943, also known as AZORult. This Trojan is used to steal personal data including passwords from crypto-currency wallets.
FOR has localization in English, Russian and Polish languages and in the Internet mainly through the crypto community in social network Vkontakte. The Trojan is still available on various file-sharing services, as well as on Github.