Auraboros RAT Exposes Critical Security Flaws with Live Audio and Keylogging Features

Severity: High (Score: 63.9)

Sources: Gbhackers, Cybersecuritynews

Summary

A newly discovered remote access trojan (RAT) framework named Auraboros has been found to have a fully exposed command-and-control (C2) panel, allowing attackers to access victim data without any authentication. The C2 panel supports live audio streaming, keylogging, and cookie theft, making it highly dangerous for users. Victims are at risk of having their sensitive information compromised, including browser credentials and cookies. The dashboard operates over plain HTTP, which further exacerbates the security risks associated with this RAT. The lack of authentication means that anyone can access the C2 panel, increasing the potential for mass exploitation. This incident highlights significant vulnerabilities in cybersecurity defenses against RATs. As of now, there are no reported patches or mitigations available to address these vulnerabilities. Security professionals are urged to monitor for any signs of exploitation related to Auraboros. Key Points: • Auraboros RAT features live audio streaming, keylogging, and cookie theft. • The C2 panel is accessible over plain HTTP with no authentication required. • Victim data is at high risk due to the lack of security measures in place.

Key Entities

• Malware (attack_type)
• Trojan (attack_type)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• Auraboros (malware)
• T1056.001 - Keylogging (mitre_attack)
• T1056 - Input Capture (mitre_attack)
• T1071 - Application Layer Protocol (mitre_attack)
• T1123 - Audio Capture (mitre_attack)
• T1555.003 - Credentials From Web Browsers (mitre_attack)