First advertised as Malware-as-a-Service (MaaS) on Russian-speaking underground forums in April 2022, Aurora Stealer is a Golang-based information stealer with downloading and remote access capabilities. The malware targets data from multiple browsers, cryptocurrency wallets, and local systems, and can also act as a loader. During execution, the malware runs several commands through WMIC to collect basic host information, captures a screenshot of the desktop, and exfiltrates data to the C2 server within a single base64-encoded JSON file.
2023-01-18 ⋅ SANS ISC ⋅ Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
2022-11-21 ⋅ Sekoia ⋅ Aurora: a rising stealer flying under the radar
2022-11-02 ⋅ Sekoia ⋅ BlueFox Stealer: a newcomer designed for traffers teams
Aurora Stealer BlueFox
There is no Yara-Signature yet.