Aurora: A Rising Stealer Flying Under The Radar
Aurora is a multipurpose botnet with data collection, information stealer, downloading, and remote access Trojan (RAT) capabilities.
This botnet was sold as a Malware-as-a-Service (MaaS) by a threat actor going by the handle Cheshire.
It is advertised as an info-stealer, and Sekoia identified several traffer teams that have announced that they have added it to their malware toolset.
Aurora is written in Golang and targets browsers, cryptocurrency wallets, local systems and can even act as a loader.
The collected data is of particular interest to cyber criminals, allowing them to carry out lucrative follow-up campaigns.
It is widely distributed using multiple infection chains, including phishing websites masquerading as legitimate ones.
Featured Resources
blog
Task Scheduler– New Vulnerabilities for schtasks.exe
Introduction The schtasks.exe binary is a core component of the Task Scheduler Service in Windows, enabling users to schedule and
Solution Brief
Detection Engineering
Early Detection is Critical to Stopping Cyber Attacks Threat actors often move across IT networks and cloud environments, evolving tactics
blog
Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation
Introduction The AWS Systems Manager (SSM) Agent is a core component of Amazon Web Services management and automation capabilities, enabling