Cyber Criminals Using Go-based Aurora Stealer Malware
Reading Time: 2 minutes

Cybercriminals are using Go bases Aurora Stealer Malware as part of campaigns designed to steal sensitive information from compromised hosts, according to researchers at cybersecurity firm SEKOIA.

SEKOIA cybersecurity firm said, “These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake cracked software download websites.”

The Aurora stealer malware was first advertised on Russian cybercrime forums in April 2022. It was marketed as a multi-purpose botnet that could steal data, download content, and access devices remotely.

A few months earlier this malware has been scaled down to a stealer that can only steal files of interest, data from 40 cryptocurrency wallets, and applications like Telegram.

The Aurora stealer malware also offers a loader that can deploy next-stage payloads using PowerShell commands.

At least two different cybercrime groups called traffers are responsible for redirecting user traffic to malicious content and have added Aurora to their toolset.

The firm further added, “Aurora is an info stealer that targets data from browsers, cryptocurrency wallets, and local systems. It also can act as a loader. The high price of malware on marketplace websites makes it very lucrative for cybercriminals. Successful campaigns allow criminals to target Big Game Hunting.”

Researchers from Palo Alto Networks Unit 42 detailed an enhanced version of Typhon Stealer. The development also comes as researchers from Palo Alto Networks Unit 42 detailed an enhanced version of another stealer called Typhon Stealer.

The latest iteration of the malware is called Typhon Reborn and was created to steal from cryptocurrency wallets. It’s also designed to scrub any previous features like keylogging or cryptocurrency mining. The new variant likely won’t get noticed as easily as the others.

“Typhon Stealer provided malicious actors with an easy-to-use and customizable builder for hire,” said Unit 42 researchers Riley Porter and Uday Pratap Singh.

Typhon Reborn uses new anti-analysis techniques that are ahead of their time, evolving along the industry lines to keep their evasion tactics up-to-date. Along with their keen ability to steal victims’ data, they’re a force to be reckoned with.

Related Articles:
Cracked Version of Cobalt Strike Hacking Toolkit Identified by Google in the Wild
3 Iranian Nationals Charged in Hacking and Ransomware Scheme Against US Organizations
North Korean Lazarus Hacking Group Caught Spying on Chemical Sector Companies