Researchers Discover YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader

Researchers have discovered a loader named "in2al5d p3in4er" that is being used to deliver the Aurora information-stealer malware through YouTube videos and fake software download sites. The loader uses advanced anti-VM techniques: it queries the vendor ID of the graphics card installed on the system and uses the result to evade detection. It is compiled with Embarcadero RAD Studio, which can generate executables for multiple platforms. The loader underpins a high-impact campaign that relies on social engineering and directs viewers to convincing-looking fake websites that distribute the stealer. Separately, another malware loader, AresLoader, has been unearthed; it is marketed as a service at $300/month to criminal actors who want to push information stealers disguised as popular software using a binder tool.
