Aura Stealer
Also known as: AURA Stealer, AURASTEAL
In July 2025, threat actor AuraCorp began advertising Aura Stealer as a Malware-as-a-Service (MaaS) program with multiple subscription tiers on underground forums. The information stealer targets credentials from over 110 browsers, 70 applications, and 250+ browser extensions, including cryptocurrency wallets and 2FA tools, while using AES-256 encryption for C2 communications. Notable features include seamless Chromium cookie harvesting without process termination, server-side App-Bound data decryption, and a built-in payload loader with custom morphing for detection evasion.
Last 7 days
| Date | C2 Hosts |
|---|---|
| Mar 5, 2026 | 1 |
Further Reading
AURA Stealer malware analysis uncovers its weak codebase, flawed evasion methods, and threat to browser data.
A technical walkthrough of obfuscation, anti-analysis and data theft capabilities