“Beware of YouTube Videos Distributing Aurora Stealer Malware via Sophisticated Loader”


April 18, 2023
Nextdoorsec-course

A sophisticated loader called “in2al5d p3in4er” (pronounced as an invalid printer) has been identified by cybersecurity researchers. This loader is designed to deliver the Aurora information stealer malware and uses advanced anti-virtual machine techniques to target endpoint workstations. 

According to a report by Morphisec, the loader is compiled with Embarcadero RAD Studio and can evade detection by generating executables for multiple platforms.

The loader's main check is to read the vendor ID of the installed graphics card and compare it against a list of permitted vendor IDs, such as AMD, Intel or NVIDIA.


The loader self-terminates if the value is not on that list. Once the final payload has been decrypted, the loader either allocates memory for the decrypted content and launches it from there, or uses process hollowing to inject itself into the legitimate “sihost.exe” process.
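Because the loader hides inside a legitimate “sihost.exe”, one defensive check is to look at how that process was started. The following is an added example (not code from the article or from Morphisec) that scans constructed Sysmon-style process-creation records and flags sihost.exe instances that run from the wrong path or were spawned by an unexpected parent; the expected path and parent (svchost.exe) are assumed baselines, not facts stated in the article.

```python
from typing import Optional

# Constructed Sysmon-style (Event ID 1) process-creation records; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\sihost.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe", "User": "CORP\\alice"},
    {"Image": r"C:\Windows\System32\sihost.exe",
     "ParentImage": r"C:\Users\alice\Downloads\setup_cracked.exe", "User": "CORP\\alice"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\sihost.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "User": "CORP\\alice"},
    {"Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe", "User": "CORP\\alice"},
]

# Assumed baseline for a legitimate Shell Infrastructure Host instance (hypothetical,
# tune to your own environment's telemetry before deploying).
EXPECTED_IMAGE = r"c:\windows\system32\sihost.exe"
EXPECTED_PARENTS = {r"c:\windows\system32\svchost.exe"}


def classify_sihost_event(event: dict) -> Optional[str]:
    """Return a finding label if the event looks like an abused sihost.exe, else None."""
    image = event.get("Image", "").lower()
    parent = event.get("ParentImage", "").lower()
    if image.rsplit("\\", 1)[-1] != "sihost.exe":
        return None  # not sihost.exe at all; nothing to check here
    if image != EXPECTED_IMAGE:
        # A binary merely named sihost.exe dropped outside System32.
        return "sihost_masquerade_path"
    if parent not in EXPECTED_PARENTS:
        # Genuine binary, but launched by something other than the service host;
        # a hollowed copy created in a suspended state by a loader looks like this.
        return "sihost_unexpected_parent"
    return None


def scan(events: list) -> list:
    """Scan a list of events and return (index, label) pairs for every finding."""
    findings = []
    for idx, event in enumerate(events):
        label = classify_sihost_event(event)
        if label:
            findings.append((idx, label))
    return findings


if __name__ == "__main__":
    for idx, label in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {label} ({SAMPLE_EVENTS[idx]['Image']})")
```

The parent-based rule is the one that matters for hollowing, since the loader starts the real sihost.exe itself rather than dropping a copy.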


The loader’s use of Embarcadero RAD Studio and its “BCC64.exe” C++ compiler lets it evade detection on VirusTotal and break the indicators that security vendors rely on. Victims are led to fake domains through YouTube videos and SEO-optimized sites posing as download pages for cracked programs, where they are tricked into installing the malware.

The in2al5d p3in4er loader is part of a high-impact campaign that relies on social engineering to distribute the stealer malware. The findings suggest that threat actors use YouTube as a malware distribution channel and direct viewers to fake websites. AresLoader, a different malware loader discovered by Intel 471, is thought to have been created by a team with connections to Russian hacktivist activity.

The in2al5d p3in4er is a mysterious loader that delivers the Aurora information stealer malware. It employs advanced anti-VM techniques, social engineering methods, and a sophisticated compiler to evade detection.

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
