Fake in-browser Windows updates push Aurora info-stealer malware
A recently spotted malvertising campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information-stealing malware.
Written in Golang, Aurora has been available on various hacker forums for more than a year, advertised as an info stealer with extensive capabilities and low antivirus detection.
Popunder ads are cheap 'pop-up' ads that launch behind the active browser window, staying hidden from the user until they close or move the main browser window.
The more recent one spotted by Malwarebytes has a much lower impact, with close to 30,000 users redirected and almost 600 having downloaded and installed the data-stealing malware on their systems.
The threat actor came up with an imaginative idea where the popunder renders a full-screen browser window that simulates a Windows system update screen.
Malwarebytes provides a technical analysis of the malware installation and behavior along with a set of indicators of compromise that companies and security vendors can use to defend their users.