Meet the Gazorp Malware Builder

Meet the Gazorp Malware Builder

Full facility malware builders are changing how scammers and hackers are gaining access to your devices. Worryingly, these malware builders are free, easy-to-access and particularly pernicious – capable of large-scale infections. If you know where to look, as a threat actor, there is a full menu of tools you can now leverage.


Gazorp is the latest in a running theme, a malware builder readily available on the dark web empowering even novices with the capability to develop custom malware in three stages, (1) download the builder, (2) install the panel and (3) release the AZORult malware. Although frightening, this concept is nothing new, we had provided information on specific RAAS incidents here.

Gazorp is a malware builder on the move, with the malware AZORult now on version 3.2 (which along with 3.1 was leaked online). Since its first version there have been a number of new additions and code panel upgrades. Some of these additions include:


  • A global heat map that provides success rates on a country-by-country basis.

  • Fully customizable with the ability to create complex components.

  • Upgrade for admin, users, system, and guests.

  • A telegram link so you can better communicate with Gazorp’s authors.


Malware builders make life easy

Services such as these are making life very easy for hackers – the low barrier to entry also means that it lacks the sophistication usually found in successful malware campaigns. Gazorp itself runs old versions of the AZORult malware meaning that if you are updated and patched you can protect yourself and your business.


Researchers have indicated that however, that Gazorp may continue to improve and update as more and more threat actor discover the free service and start making donations.

We educate.
We update.
We protect.
We secure.
We back up.

You can learn more about Aware’s RMM solution here or contact our IT Security team.