- Jul 27, 2015
A growing number of cybercriminal groups are turning to an information stealer named Aurora, which is written in the open source Go programming language, to target data from browsers, cryptocurrency wallets, and local systems.
A research team at cybersecurity firm Sekoia discovered at least seven malicious actors, which it refers to as "traffers," that have added Aurora to their infostealer arsenal. In some cases, it's being used in conjunction with the Redline or Raccoon infostealers as well. More than 40 cryptocurrency wallets, and applications like Telegram, have been successfully targeted so far, according to the report, which highlighted Aurora's relatively unknown status and elusive nature as tactical advantages. Aurora was first discovered by the company in July and is thought to have been promoted on Russian-speaking forums since April, where its remote access features and advanced information-stealing capabilities were touted.
"In October and November 2022, several hundreds of collected samples and dozens of active C2 servers contributed to confirm SEKOIA.IO['s] previous assessment that Aurora stealer would become a prevalent infostealer," the company's blog post explained. "As multiple threat actors, including traffers teams, added the malware to their arsenal, Aurora Stealer is becoming a prominent threat."
The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.