menu_book Malware Family

AZORult

Also known as: Azorult

AZORult is a veteran infostealer and downloader that harvests browser credentials, cookies, cryptocurrency wallets, and files. Though older, its code has influenced many later stealers and its logs remain a reference point in the credential-theft economy.

What is AZORult?

AZORult is one of the older infostealer families, active since the mid-2010s. It collects credentials, cookies, browsing history, and crypto wallets, and can download additional malware. Its long history and leaked builds influenced numerous successor stealers.

Legacy and influence

AZORult's availability and source leaks made it a template for the modern stealer market. Even as it declined, its design patterns persist in newer families.

How VantaPrism Tracks AZORult

VantaPrism's historical corpus includes legacy families like AZORult, useful for tracing how long a given credential has circulated across the ecosystem.

Check Your Exposure arrow_forward

Frequently Asked Questions

Is AZORult still a threat?

expand_more

AZORult is largely legacy, but its influence on later stealers is significant and previously stolen AZORult data can still circulate.

Related Terms

Infostealer Malware arrow_outward

Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…

Stealer Logs arrow_outward

A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…

Loader Malware arrow_outward

Loader malware (a loader or dropper) is software whose job is to install other malware on a compromised device. Loade…

Compromised Credentials arrow_outward

Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…

← All Glossary Terms Last reviewed: June 2026