Aura Stealer
Also known as: AURA Stealer, AURASTEAL
In July 2025, threat actor AuraCorp began advertising Aura Stealer as a Malware-as-a-Service (MaaS) program with multiple subscription tiers on underground forums. The information stealer targets credentials from over 110 browsers, 70 applications, and 250+ browser extensions, including cryptocurrency wallets and 2FA tools, while using AES-256 encryption for C2 communications. Notable features include seamless Chromium cookie harvesting without process termination, server-side App-Bound data decryption, and a built-in payload loader with custom morphing for detection evasion.
Last 7 days
No activity observed in the last 7 days.
Further Reading
Hello it’s me again today i gonna share my thought process and experience with aura stealer i was looking for some new malware with either a virtual â¦
Hello party people today we gonna deep dive into the topic of obfuscation in AuraStealer just kiddin this aint chatgpt, this is my bad english. Profile So lets â¦
AURA Stealer malware analysis uncovers its weak codebase, flawed evasion methods, and threat to browser data. Explore full details inside.
A technical walkthrough of obfuscation, anti-analysis and data theft capabilities