win.aurastealer

Aura Stealer

aka: AURA Stealer, AURASTEAL

In July 2025, threat actor AuraCorp began advertising Aura Stealer as a Malware-as-a-Service (MaaS) program with multiple subscription tiers on underground forums. The information stealer targets credentials from over 110 browsers, 70 applications, and 250+ browser extensions, including cryptocurrency wallets and 2FA tools, while using AES-256 encryption for C2 communications.
Notable features include seamless Chromium cookie harvesting without process termination, server-side App-Bound data decryption, and a built-in payload loader with custom morphing for detection evasion.

References
2025-07-29 · Foresiet · Foresiet
AURA Stealer: A Crude Clone of LummaC2 – Technical Analysis and Threat Breakdown
Aura Stealer

There is no Yara-Signature yet.