One of the most recent discoveries was the Aurora Stealer malware, which imitated popular applications in order to infect as many users as possible.
Cyble researchers discovered that threat actors are actively changing and customizing their phishing websites in order to target a wide range of well-known applications. Aurora is interested in data from web browsers and cryptocurrency wallets, among other things.
Aurora, the Shapeshifting Thief
Aurora has been marketed as a stealer on Telegram and darknet forums since late August 2022. Malware-as-a-service costs $250 per month or $1500 for a lifetime license.
Cyble Research and Intelligence Labs (CRIL) discovered a phishing website (hxxps[:]/messenger-download[.]top) claiming to be a website for a chat app on January 16th, 2023. The next day, the same webpage impersonated the official TeamViewer website.
According to the researchers’ report, the malware file gathers system information using Windows Management Instrumentation (WMI) commands, including the operating system’s name, the graphics card’s name, and the processor’s name.
Furthermore, the malware persists in collecting system information such
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: