Fake in-browser Windows updates push Aurora info-stealer malware

A recently spotted malvertising campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information-stealing malware.
Written in Golang, Aurora has been available on various hacker forums for more than a year, advertised as an info stealer with extensive capabilities and low antivirus detection.
Popunder ads are cheap 'pop-up' ads that launch behind the active browser window, staying hidden from the user until they close or move the main browser window.
The more recent campaign spotted by Malwarebytes has a much lower impact, with close to 30,000 users redirected and almost 600 of them downloading and installing the data-stealing malware on their systems.
The threat actor came up with an imaginative idea where the popunder renders a full-screen browser window that simulates a Windows system update screen.
Malwarebytes provides a technical analysis of the malware installation and behavior along with a set of indicators of compromise that companies and security vendors can use to defend their users.