Aurora: A Rising Stealer Flying Under The Radar

November 24, 2022

Aurora is a multipurpose botnet with data collection, information stealer, downloading, and remote access Trojan (RAT) capabilities. This botnet was sold as Malware-as-a-Service (MaaS) by a threat actor going by the handle Cheshire. It is advertised as an info-stealer, and Sekoia identified several traffer teams that have announced adding it to their malware toolset. Aurora is written in Golang and targets browsers, cryptocurrency wallets, and local systems, and it can even act as a loader. The collected data is of particular interest to cyber criminals, allowing them to carry out lucrative follow-up campaigns. It is widely distributed using multiple infection chains, including phishing websites masquerading as legitimate ones.