One Article Review

The article:
Source Fortinet ThreatSignal
Identifier 8286103
Publication date 2022-11-30 16:30:12 (seen: 2022-12-01 01:05:46)
Title Aurora Infostealer Sold on Darknet and Telegram
Text FortiGuard Labs is aware of a report that a new infostealer named "Aurora" is being offered for sale on the darkweb and Telegram. The infostealer was allegedly developed by a threat actor who previously developed the Aurora botnet. Aurora infostealer is capable of stealing data from compromised machines as well as downloading and executing remote files.

Why is this Significant?
This is significant because Aurora is a new Malware-as-a-Service (MaaS) infostealer reportedly advertised on darknet and Telegram sites. Aurora not only steals information from compromised machines but also deploys additional malware. According to outside reports, several active threat actors are using Aurora infostealer.

What is Aurora Infostealer?
Aurora is a Go-based infostealer that targets web browsers, cryptocurrency-related browser extensions, and cryptocurrency wallets on compromised machines for data exfiltration. Aurora is also capable of downloading and executing remote files, which can be used for deployment of additional malware. The reported infection vector is luring users to install fake software promoted on bogus cryptocurrency and free software web sites.

What is the Status of Protection?
FortiGuard Labs provides the following AV signatures against known Aurora infostealer samples:
W32/Agent.IE!tr
W32/PossibleThreat
Reported network IOCs associated with Aurora infostealer are blocked by the Webfiltering client.
Sent Yes
Tags Threat
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.