Cybersecurity company Sekoia.io reports that several cybercriminals have adopted Aurora, a multi-purpose botnet that has been advertised on dark web forums since April.
The Golang-written malware, which comes with information stealing, remote access, and downloader capabilities, first appeared on Russian-speaking underground forums and was being sold as malware-as-a-service (MaaS) by a threat actor going by the name of “Cheshire.” Tens of Aurora samples and numerous command-and-control (C&C) servers connected to the botnets were discovered by Sekoia.io in July, but the malware’s development appeared to have temporarily halted.
Also Read: Strengthening Enterprise Cybersecurity to Combat Rising Cyber Attacks
The threat began to be marketed as an information thief rather than a botnet in August. The cybersecurity company discovered hundreds of samples and dozens of live C&C servers in October and November, proving that Aurora had established itself as a well-known infothief.
Read More: Multi-Purpose Botnet and Infostealer ‘Aurora’ Rising to Fame
