Beware, this info-stealing malware uses YouTube to spread!


Mallory Delicourt

April 18, 2023 at 6:15 p.m.


Suddenly appearing in 2022, the Aurora malware very quickly made a name for itself alongside Raccoon, Lumma and RedLine. We learn today that Aurora now uses YouTube to reach our information.

Unsurprisingly, the attackers use links in video descriptions to lure users into their trap.

Malicious links are in description

You may be used to watching videos on YouTube and hearing creators point you to the description, where you will find affiliate links or the sources they used. In most cases these are perfectly legitimate links, but for the past few weeks some of them have actually hidden a loader that lets the Aurora Stealer malware in to steal your information.

The campaign was spotted by researchers at the company Morphisec, whose findings were shared with The Hacker News. The specialists identified a loader called In2al5d p3in4er (read “Invalid Printer”), which is compiled with Embarcadero RAD Studio and which targets workstations using an advanced “anti-virtual machine” technique. By clicking on the infected description links, victims are redirected to decoy sites that trick them into downloading Aurora disguised as legitimate software.

Once loaded onto the system, Aurora searches for sensitive information and steals it. The researchers also note that the use of Embarcadero RAD Studio allows Aurora to generate executables for several platforms and thus evade detection. As always, we urge you to exercise great caution before clicking on such links.

Fake Aurora Websites © Morphisec


A malware with dazzling success

Aurora is one of the most successful information-stealing malware families, and yet it came out of almost nowhere. For months and years, the sector has been dominated by RedLine and Raccoon, which benefit from continuous development and improvement to adapt to new security measures. Now Aurora must also be reckoned with, spreading through fake sites, social networks and video sharing platforms.

First presented and used as a relatively versatile botnet, Aurora evolved into an easy-to-use and easy-to-integrate information stealer. Sold for 250 dollars per month or 1,500 euros for a lifetime licence, the malware is mainly used to steal passwords, which then allow the takeover of existing accounts on e-commerce sites or cryptocurrency wallets.

Source : The Hacker News
