Analysis of AuraStealer, an emerging infostealer

Since the takedown of the Lumma stealer infrastructure in 2025, the infostealer landscape has been undergoing a major transformation. It is now dominated by Rhadamanthys and Vidar, while other threat actors are trying to capture some of the market share. One of them is AuraStealer, which first appeared on hacker forums in July 2025; several campaigns have already been spotted in the wild.

Key findings

  • The strategic analysis of AuraStealer, an emerging infostealer developed by a group of Russian-speaking individuals.
  • Details of the C2 infrastructure, with 48 identified C2 domain names, which seem to be shifting from the .shop TLD to the .cfd TLD.
  • A pivot that allows the tracking of C2 domains on network search engines.
  • The code analysis of the panel and the main payload.
  • More than 340 indicators of compromise.

Intrinsec’s CTI services

Organisations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving threats, it is now necessary to take a proactive approach to the detection and analysis of any element deemed malicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to, the compromises they face.

For this report, shared with our clients in January 2026, Intrinsec relied on its Cyber Threat Intelligence service, which provides its customers with high value-added, contextualized and actionable intelligence to understand and contain cyber threats. Our CTI team consolidates data & information gathered from our security monitoring services (SOC, MDR …), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated by our analysts using custom heuristics, honeypots, hunting, reverse-engineering & pivots.

Intrinsec also offers various services around Cyber Threat Intelligence:

  • Risk anticipation: which can be leveraged to continuously adapt the detection & response capabilities of our clients’ existing tools (EDR, XDR, SIEM, …) through:
      • an operational feed of IOCs based on our exclusive activities.
      • threat intel notes & reports, TIP-compliant.
  • Digital risk monitoring:
      • data leak detection & remediation
      • external asset security monitoring (EASM)
      • brand protection

For more information, go to intrinsec.com/en/cyber-threat-intelligence/.
