Symbol: win.aurastealer

Aura Stealer

aka: AURA Stealer, AURASTEAL

In July 2025, the threat actor AuraCorp advertised AURA Stealer on an underground forum. The malware, written in PureBasic, is sold as a subscription-based information stealer that targets credentials and session data from over 110 browsers, 70 applications, and 250+ browser extensions, including cryptocurrency wallets and 2FA tools. Key features include cookie harvesting from Chromium browsers without process termination, server-side decryption of App-Bound data via custom shellcode, and a built-in secondary payload loader, all within a lightweight 500-700 KB package designed to evade detection through custom morphing techniques.

References
2025-07-29 | Foresiet | Foresiet
AURA Stealer: A Crude Clone of LummaC2 – Technical Analysis and Threat Breakdown
Aura Stealer

There is no Yara-Signature yet.