Jump to content
  • Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware

    alf9872000

    • 363 views
    • 2 minutes
     Share


    • 363 views
    • 2 minutes

    A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts.

     

    "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake cracked software download websites," cybersecurity firm SEKOIA said.

     

    First advertised on Russian cybercrime forums in April 2022, Aurora was offered as a commodity malware for other threat actors, describing it as a "multi-purpose botnet with stealing, downloading and remote access capabilities."

     

    In the intervening months, the malware has been scaled down to a stealer that can harvest files of interest, data from 40 cryptocurrency wallets, and applications like Telegram.

     

    Aurora also comes with a loader that can deploy a next-stage payloading using a PowerShell command.

     

    Aurora Stealer Malware
     

    The cybersecurity company said at least different cybercrime groups, called traffers, who are responsible for redirecting user's traffic to malicious content operated by other actors, have added Aurora to their toolset, either exclusively or alongside RedLine and Raccoon.

     

    "Aurora is another infostealer targeting data from browsers, cryptocurrency wallets, local systems, and acting as a loader," SEKOIA said. "Sold at a high price on market places, collected data is of particular interest to cybercriminals, allowing them to carry out follow-up lucrative campaigns, including Big Game Hunting operations."

     

    The development also comes as researchers from Palo Alto Networks Unit 42 detailed an enhanced version of another stealer called Typhon Stealer.

     

    The new variant, dubbed Typhon Reborn, is designed to steal from cryptocurrency wallets, web browsers, and other system data, while removing previously existing features like keylogging and cryptocurrency mining in a likely attempt to minimize detection.

     

    "Typhon Stealer provided threat actors with an easy to use, configurable builder for hire," Unit 42 researchers Riley Porter and Uday Pratap Singh said.

     

    "Typhon Reborn's new anti-analysis techniques are evolving along industry lines, becoming more effective in the evasion tactics while broadening their toolset for stealing victim data."

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...