U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire. It is a multi-purpose botnet with data stealing […]

Aurora Stealer

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild.

Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire. It is a multi-purpose botnet with data stealing and remote access capabilities.

Aurora Stealer

Researchers at SEKOIA identified 7 traffers teams on Dark Web forums that announced the availability of the Aurora Stealer in their arsenal, a circumstance that confirms the increased popularity of the malware among threat actors.

Traffers TeamMalware arsenalLaunch dateLast observed activity
RavenLogsAurora, Redline17/10/202214/11/2022
BrazzersLogsAurora, Raccoon14/11/202214/11/2022
DevilsTraffAurora, Raccoon30/10/202214/11/2022
YungRussiaAurora16/10/202231/10/2022
Gfbg6Aurora14/09/202224/10/2022
SAKURAAurora10/08/202204/11/2022
HellRideAurora09/07/202215/07/2022

In October and November 2022, the researchers analyzed several hundreds of collected samples and identified dozens of active C2 servers. The experts also observed multiple infection chains leading to the deployment of Aurora stealer. The attackers used methods to deliver the malware, including phishing websites masquerading as legitimate ones, YouTube videos and fake “free software catalogue” websites.

“These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake cracked software download websites.” reads the analysis by the experts.

The malware was also able to target 40 cryptocurrency wallets and applications like Telegram.

Threat actors behind this malware also advertised its loader capabilities, the malicious code in fact is able to deploy a next-stage payload using a PowerShell command.

“Aurora is another infostealer targeting data from browsers, cryptocurrency wallets, local systems, and acting as a loader. Sold at a high price on market places, collected data is of particular interest to cybercriminals, allowing them to carry out follow-up lucrative campaigns, including Big Game Hunting operations.” concludes the report. “As multiple threat actors, including traffers teams, added the malware to their arsenal, Aurora Stealer is becoming a prominent threat.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Aurora Stealer)

[adrotate banner=”5″]

[adrotate banner=”13″]