Security researchers warn of a new malware loader that’s used as part of the infection chain for the Aurora information stealer. The loader uses anti-virtual-machine (VM) and unusual compilation techniques that seem to make it quite successful at avoiding detection by security solutions.
The Aurora infostealer is written in Go and is operated as a malware-as-a-service platform that’s advertised on Russian-language cybercrime forums. It started gaining popularity among cybercriminals at the end of last year because it is modular and can also be used as a malware downloader to deploy additional payloads in addition to its core functionality of stealing data and credentials from multiple web browsers, cryptocurrency wallets, and local applications.