website malware

Conceal Threat Alert: Aurora Malware as a Service Targets Crypto Wallets & Credentials

Another week, another piece of credential-stealing malware abusing trust to infect devices via the browser. Just before Thanksgiving, cybersecurity solution provider, Sekoia released a report on a recently discovered piece of malware dubbed “Aurora” by its developer. According to the report, Aurora is advertised as a malware-as-a-service that can be hired to steal credentials for cryptocurrency wallets and sensitive websites. Criminal groups wasted no time in developing social engineering and phishing approaches to distribute the malware.

While Aurora itself does not contain a delivery vector, enterprising criminal groups have put together at least one very professional-looking website designed to mimic the Exodus Wallet website and lure victims into downloading the malware with the promise of a crypto reward. Another delivery vector used by at least one group is YouTube videos posted on compromised accounts on how to download cracked software, and then providing a link to Aurora malware on a legitimate file-sharing platform. In both cases, the Aurora software then immediately connects to a C2 server allowing the attacker to steal data from the victim.

 How can you stop this abuse of trust?

The criminals who developed the social engineering pathways to move users to download the Aurora malware utilize interesting tricks to deceive users into downloading the malware. In the case of the Exodus wallet, the phishing page is built to target one of the more lucrative use cases for Aurora: its ability to steal crypto wallets. The “cracked software” infection chain targets individuals who are already showing an elevated risk tolerance by searching for information on cracked software in the first place, as such sites are notoriously prone to malware.

We have previously discussed a case where the social engineering aspect of the attack was designed to target an audience with a specific set of characteristics. In that case, Dropbox engineers were fooled into providing their GitHub credentials by an attacker that was savvy enough to know about a specific tool. By masquerading as that tool, the engineers lowered their guard and provided their credentials to the site.

In all these cases, clever attackers identified specific characteristics of their prime targets and crafted attack chains that appealed to the very characteristics they were targeting. This type of social engineering regularly overcomes the mistrust that security awareness training attempts to instill in users. No matter how good an awareness program is, it is vital to provide a software-enforced zero-trust barrier between users and the Internet.

How can a user’s trust be made irrelevant? 

ConcealBrowse is one option for ensuring that no matter how good a social engineering technique is, and no matter how real a phishing website looks, a user’s decisions and actions cannot result in a successful attack on your organization’s network. ConcealBrowse works silently in the background, checking every website, app, and resource loaded in your browser to determine if it is safe, risky, or malicious. ConcealBrowse then takes the necessary steps to make sure your organization remains secure. 

Set up a call with us today to find out how ConcealBrowse can keep your organization safe from phishing, ransomware, and all other types of malware delivered through the browser.