Beware of YouTube Videos Distributing Aurora Stealer Malware via Sophisticated Loader

Reading Time: ( Word Count: )

April 18, 2023
Nextdoorsec-course

A sophisticated loader called “in2al5d p3in4er” (pronounced as an invalid printer) has been identified by cybersecurity researchers. This loader is designed to deliver the Aurora information stealer malware and uses advanced anti-virtual machine techniques to target endpoint workstations. 

According to a report by Morphisec, the loader is compiled with Embarcadero RAD Studio and can evade detection by generating executables for multiple platforms.

The main job of the loader is to look for the vendor ID of the loaded graphics card and compare it to a list of permitted vendor IDs, such as AMD, Intel, or NVIDIA. 

Beware of YouTube Videos Distributing Aurora Stealer Malware

The loader self-terminates if the value is incorrect. When the final payload has been encrypted, the loader either reserves memory to store the decrypted content before launching it from there or uses a hollowing process to introduce itself into the genuine “sihost.exe” process.

Also, Read: “WhatsApp Introduces New Security Feature to Combat Account Takeovers”

The loader’s use of Embarcadero RAD Studio and the “BCC64.exe” C++ compiler enables it to evade detection on VirusTotal and break security vendors’ indicators. The loader directs users to false domains where they are misled into installing the malware using YouTube videos and SEO-optimized fake cracked program download websites. 

The in2al5d p3in4er loader is part of a high-impact campaign that employs social engineering methods to distribute the stealer malware. The findings suggest that threat actors use YouTube as a malware distribution channel and direct viewers to fake websites. AresLoader, a different virus loader discovered by Intel 471, is thought to have been created by a team with connections to Russian hacktivist activity.

The in2al5d p3in4er is a mysterious loader that delivers the Aurora information stealer malware. It employs advanced anti-VM techniques, social engineering methods, and a sophisticated compiler to evade detection.

Noor Khan

Noor Khan

Author

My name is Noor, and I am a seasoned entrepreneur focused on the area of artificial intelligence. As a robotics and cyber security researcher, I love to share my knowledge with the community around me.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *