Analysis of Aurora, from botnet to stealer 🌌

Through our Dark Web monitoring routine, SEKOIA.IO discovered a new Golang botnet advertised by its alleged developer as Aurora botnet since April 2022. In July 2022, we published an analysis of the malware and the profile of the threat actor advertising Aurora (FLINT 2022-042 - Aurora: a new Golang botnet in Wonderland).

Since September 2022, Aurora has been advertised as a stealer, and several traffers teams announced they added it to their malware toolset. Furthermore, SEKOIA.IO observed an increase in both the number of Aurora samples distributed in the wild and the number of C2 servers.

Last week, we analysed Aurora Stealer in depth and shared the results of our investigation in the FLINT 2022-055 (Aurora: a rising stealer flying under the radar).

![aurora_traffers.png](BASE/products/901462981/changelog/14515/inline-6daaa1909ff4a32aa644d2fdb5a7c7bb.jpg)

Related resources:

* [FLINT 2022-055 - Aurora: a rising stealer flying under the radar](https://app.sekoia.io/intelligence/objects/report--5094ffac-a959-4e5a-9f34-08869e528907)
* [Aurora malware page](https://app.sekoia.io/intelligence/objects/malware--0eb1c2f9-d71d-494c-aed3-388f9b709c6b)