Threat actors are increasingly adding the novel Go-based information stealer Aurora to their arsenals, with at least seven active cybercrime groups using the malware either exclusively or alongside the Raccoon and Redline info-stealers, BleepingComputer reports.
Threat actors are drawn to Aurora by its relative obscurity and low detection rate, as well as its advanced data theft capabilities and stable infrastructure, according to a SEKOIA report.
Aurora was initially promoted on Russian-language forums in April as a botnet with info-stealing and remote access capabilities, but SEKOIA researchers found that by August it was being advertised primarily as a stealer. Highlighted features included polymorphic compilation that does not require crypter wrapping, server-side decryption of stolen data, targeting of a wide range of cryptocurrency wallets, operation over TCP sockets, automated MetaMask seed phrase deduction, and reverse lookup for password collection.
According to the report, Aurora on execution runs a series of commands to collect information, targeting browser-stored data as well as data from cryptocurrency wallet desktop apps such as Ethereum and Zcash, cryptocurrency browser extensions, and Telegram.
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, DoD alphabet soup, Sirius XM, pixel tracking, TSA, single sign-on rants, and more on the Security Weekly News!
Novel DuckLogs malware-as-a-service detailed
More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being used by over 2,000 cybercriminals, according to BleepingComputer.
BleepingComputer reports that Redis servers left unpatched against CVE-2022-0543, a Lua sandbox escape affecting the Debian and Ubuntu Redis packages, are being compromised by the novel Go-based Redigo malware, which at the time of the report was not detected by any antivirus engine on VirusTotal.