Info Stealer

Aurora Stealer

First seen: 2022 • Status: active

Currently Active Threat

Aurora is a modern password stealer written in Go, a programming language that makes it easier to build for different operating systems.

Overview

Aurora is a Go-based information stealer that emerged in late 2022. Written in Golang for cross-platform capability, it targets browsers, crypto wallets, and messaging apps.

Also Known As

Aurora Infostealer

How It Spreads

  • Phishing campaigns
  • Fake software
  • Malvertising
  • Loader delivery

What It Does

  • Browser credential theft
  • Crypto wallet theft
  • Telegram/Discord data theft
  • FileGrabber functionality
  • System reconnaissance

Target Platforms

Windows

Detection Tips

  • Monitor for Go-based malware indicators
  • Check for Aurora C2 patterns
  • Analyze broad credential access
  • Review Telegram data exfiltration

MITRE ATT&CK Techniques

T1555, T1539, T1528, T1082, T1005

If You're Infected

  1. Remove Aurora stealer
  2. Reset all credentials
  3. Secure messaging app sessions
  4. Move crypto assets

Related Malware

Lumma, Redline, Stealc
