Sextortion Emails Installing GandCrab Ransomware and Azorult Trojan

  1. Home
  2. Sextortion Emails Installing GandCrab Ransomware and Azorult Trojan

Sextortion Emails Installing GandCrab Ransomware and Azorult Trojan


A new sextortion email campaign is targeting thousands around the United States. The campaign tricks recipients into installing the Azorult information-stealing Trojan, which downloads and installs GandCrab ransomware.

What is Sextortion?

A sextortion scam is when you receive an email that states someone hacked your computer and has been creating videos of you while you are using adult websites. These emails may also contain your passwords that were leaked during data breaches; making the scams look very legitimate.

The scammer then tells you to send them Bitcoin. Otherwise, they will share the videos of you with all of your contacts.

“In general, sextortion emails simply demand payment to avoid publication of purported evidence of compromising information,” Proofpoint researchers said in a post.

Azorult Trojan and GandCrab Ransomware Sextortion Campaign

In a new campaign discovered by researchers at Proofpoint, instead of including a Bitcoin address to send the blackmail payment to, scammers are prompting victims to download a video they made of you doing certain “activities.” However, the downloaded zip file contains an executable that will install malware onto the computer. Sample emails from the scam have also included URLs linking to Azorult Stealer that leads to infection with GandCrab ransomware.


As we can see from the email above, the scammer claims to have gained access to your OS (Operating System) on a specific date. What makes the email seem so legitimate is the fact that the scammers go into extreme detail on how they gained access to your computer and the data they were able to compromise.

By going into such detail, this tactic is very treacherous as recipients may be scared enough to want to confirm if a video of them exists. They then download the file or click on the URL and find themselves infected with two different types of malware.

Azorult will be used to steal your information from your computer such as account login credentials, cookies, files, chat history, and more. Then, the Trojan installs the GandCrab ransomware, which will encrypt your computer’s files. In this case, the ransom payment is currently set at $500 in Bitcoin or open-source cryptocurrency, DASH.

To avoid such sextortion scams, researchers warned that email users should assume that senders do not possess any screenshots of compromising activities and should avoid clicking on links or opening any files to verify the sender’s claims.

Previous Post
Scams Targeting Holiday Shoppers
Next Post
Mac Malware Makes WatchGuard’s Top 10 Most Common Malware List

Related Posts