MALWARE FAMILY

Aura Stealer

Internal ID: win.aurastealer
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

In July 2025, threat actor AuraCorp began advertising Aura Stealer as a Malware-as-a-Service (MaaS) program with multiple subscription tiers on underground forums. The information stealer targets credentials from over 110 browsers, 70 applications, and 250+ browser extensions, including cryptocurrency wallets and 2FA tools, while using AES-256 encryption for C2 communications. Notable features include seamless Chromium cookie harvesting without process termination, server-side App-Bound data decryption, and a built-in payload loader with custom morphing for detection evasion.

Threat Analysis

Aura Stealer is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

win.aurastealer

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.