"Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware"

Aurora Stealer, a new Go-based malware, is increasingly being used in campaigns to steal sensitive information from compromised hosts. The infection chains use phishing pages that impersonate download pages for legitimate software, such as cryptocurrency wallets or remote access tools. Aurora was first advertised as commodity malware for other threat actors on Russian cybercrime forums in April 2022, where it was described as a multi-purpose botnet with stealing, downloading, and remote access capabilities. In the months since, the malware has been reduced to a stealer that can take files of interest, data from 40 cryptocurrency wallets, and data from applications such as Telegram. Aurora also includes a loader that can deploy a next-stage payload using a PowerShell command. According to the cybersecurity firm SEKOIA, various cybercrime groups known as traffers, who redirect user traffic to malicious content operated by other actors, have added Aurora to their toolkit, either exclusively or alongside RedLine and Raccoon. This article continues to discuss the findings surrounding the Aurora Stealer malware.

THN reports "Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware"

Submitted by Anonymous on