Security News > 2023 > May > Fake in-browser Windows updates push Aurora info-stealer malware

A recently spotted malvertising campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information-stealing malware.
Written in Golang, Aurora has been available on various hacker forums for more than a year, advertised as an info stealer with extensive capabilities and low antivirus detection.
Popunder ads are cheap 'pop-up' ads that launch behind the active browser window, staying hidden from the user until they close or move the main browser window.
The more recent one spotted by Malwarebytes has a much lower impact, with close to 30,000 users redirected and almost 600 who downloaded and installed the data-stealing malware on their systems.
The threat actor came up with an imaginative idea where the popunder renders a full-screen browser window that simulates a Windows system update screen.
Malwarebytes provides a technical analysis of the malware installation and behavior along with a set of indicators of compromise that companies and security vendors can use to defend their users.