Fake in-browser Windows updates push Aurora info-stealer malware
2023-05-10 18:23

A recently spotted malvertising campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information-stealing malware.

Written in Golang, Aurora has been available on various hacker forums for more than a year, advertised as an info stealer with extensive capabilities and low antivirus detection.

Popunder ads are cheap 'pop-up' ads that launch behind the active browser window, staying hidden from the user until they close or move the main browser window.

The more recent one spotted by Malwarebytes has a much lower impact, with close to 30,000 users redirected and almost 600 who downloaded and installed the data-stealing malware on their systems.

The threat actor came up with an imaginative idea where the popunder renders a full-screen browser window that simulates a Windows system update screen.

Malwarebytes provides a technical analysis of the malware installation and behavior along with a set of indicators of compromise that companies and security vendors can use to defend their users.


News URL

https://www.bleepingcomputer.com/news/security/fake-in-browser-windows-updates-push-aurora-info-stealer-malware/