Fake system update drops Aurora stealer via Invalid Printer loader

Researchers from the Israeli security firm CyberInt recently discovered a new campaign spreading the Aurora stealer malware. According to their findings, attackers are using a fake system update as a lure to trick users into downloading a malicious file that contains the Aurora stealer.

The attack begins with a phishing email that contains a malicious link. When clicked, the user is redirected to a malicious website that looks like a legitimate system update page. The user is prompted to click on a “Download” button, which then downloads a file containing the Aurora stealer.

To evade detection, the attackers are using a technique known as an “Invalid Printer Loader”. This technique involves injecting malicious code into a legitimate printer driver. When the printer driver is loaded, the malicious code is executed, allowing the Aurora stealer to be installed on the user’s computer.

Once installed, the Aurora stealer can steal sensitive information such as passwords and other personal data. It can also be used to download additional malware and conduct other malicious activities.

It is important to note that this attack is not limited to Windows systems. macOS and Linux users are also at risk, as the same technique can be used to deliver the Aurora stealer.

To protect yourself from this attack, be vigilant when clicking on links in emails. Only download files from trusted sources, and verify them using an antivirus program. Additionally, make sure that your system is up to date and running the latest security patches.

