Aurora, a Multipurpose Botnet and Information Stealer, Gains Popularity


Cybersecurity company reports that several cybercriminals have adopted Aurora, a multi-purpose botnet that has been advertised on dark web forums since April.

The Golang-written malware, which comes with information stealing, remote access, and downloader capabilities, first appeared on Russian-speaking underground forums and was being sold as malware-as-a-service (MaaS) by a threat actor going by the name of “Cheshire.” Tens of Aurora samples and numerous command-and-control (C&C) servers connected to the botnets were discovered by in July, but the malware’s development appeared to have temporarily halted.

Also Read: Strengthening Enterprise Cybersecurity to Combat Rising Cyber Attacks

The threat began to be marketed as an information thief rather than a botnet in August. The cybersecurity company discovered hundreds of samples and dozens of live C&C servers in October and November, proving that Aurora had established itself as a well-known infothief.

Read More: Multi-Purpose Botnet and Infostealer ‘Aurora’ Rising to Fame