Malware, Data Security

Aurora info stealer deployed via fraudulent Windows updates

BleepingComputer reports that fake in-browser Windows update simulations are being leveraged in a new malvertising campaign deploying the Aurora information stealer, which has resulted in nearly 30,000 redirections and almost 600 infections. Over a dozen domains, most of which masquerade as adult sites, have been used to show the fraudulent Windows update, which when clicked would download a "ChromeUpdater.exe" file that is in fact the fully undetectable Invalid Printer malware loader, a report from Malwarebytes revealed. After checking the target's graphics card to confirm that it is not running in a sandbox or on a virtual machine, Invalid Printer proceeds to execute a copy of the Aurora info stealer. Attackers behind the malvertising operation have been found to steadily submit new malware samples to VirusTotal, indicating efforts to develop antivirus-bypassing tools, as well as to leverage the Amadey panel, suggesting their involvement in Ukraine-targeted tech support scams.
