Home » Articles » Approaching Infostealer Devs: a Brief Interview with AURA

Approaching Infostealer Devs: a Brief Interview with AURA

Original Interview by g0njxa

https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-aura-9b513369e117

To completely understand what’s going on in a market that has been growing in the last years I found mandatory to know which players are dominating it. Always remember that behind every user of the Internet there is another human like you, so if you can be kind enough to reach them and they agree, you can have a little talk. Asking things is not a crime.

Please note everything that stated on this blog has only an informational purpose. I will never promote the use of these products.

Let’s see today, a brief talk with AURA:
The interview was made in English. Original text is provided below.

What is AURA?

AURA is not just a stealer, it is our team and our customers united together. It is a newly formed but rapidly growing community.

Is there a history behind the name AURA?

During the product development phase, it did not have a name. Our team deliberated on this issue for a long time, and the name was conceived approximately one month before the project launch.
People engage in cybercrime for various reasons; some are interested in wealth and expensive cars, while others seek universal attention. There are many more reasons, but all these people have one thing in common: an aura of success.
That’s how the name AURA was conceived. Simple, concise, and self-explanatory.
Our logo is a crown, the upper ray of which intersects with its base to form the letter A, the first letter of our name.

What makes AURA different from other products?

All stealers have similar functionality because they perform similar tasks. The only difference is in the implementation of certain functions.
In terms of implementation, we clearly stand out in terms of product quality and stability. Our team consists of experienced programmers with many years of development experience. These are not scriptkiddies who stumbled into this business by accident.
Despite their extensive experience, our programmers do not rest on their laurels, but study new technologies every day and continue to make Aura better.

If we don’t focus solely on the technical side, another thing that sets us apart is our prompt and high-quality customer support. We take into account the opinion of each of our customers, and many of our product updates have come about thanks to feedback and requests from our customers. Just recently, one of our customers wrote to us, “I wish everyone would respond as quickly as you do.”

When newcomers come to us, we try to help them understand all the issues. And if we see that a person will not be able to monetize their subscription due to lack of experience, we ask them not to rush into a purchase and to study more materials on the subject. It is important to us that every customer has only a positive experience using the product.

AURA has been accused of being a copy of the infamous Lumma Stealer, even there was some confusion on forums by some research posted there. How different are you from Lumma specifically?

There is a similarity between us, but it is purely visual, and only because both products use tabler (https://tabler.io) as a web template for the interface. Now you understand where this confusion came from?
The myth about code copying was spread by people who made superficial assumptions and did not want to look into the facts in detail. People are interested in scandals and intrigue, so they spread very quickly.
There is a person with the nickname “wizardo” on the xss forum. He reverse engineered our builds in the first days after the launch of our project and, contrary to public opinion, proved that our code base has nothing in common with Lumma, which he had previously researched.
You can read a description of this situation in this tweet — https://x.com/KrakenLabs_Team/status/1952302052928803182, as well as find wizardo’s article on the forum and study it yourself if you are interested.
Apart from wizardo, no one else has done a detailed analysis with real facts; everything else is just highly exaggerated nonsense taken out of thin air.

Is resembling what Lumma did the objective of AURA or does this project have other objectives?

I think my previous answer clearly showed that copying is a myth, and that the external similarity is due solely to the use of the Tabler framework. I can name a couple more stealers who also used and continue to use Tabler, but for some reason did not attract public attention (isn’t that funny?). I think the point is not that someone resembles someone else, but rather what emotions our product evokes in the public.
Usually, attention is focused on promising products, while those that remain in the shadows continue to go unnoticed. I think there will always be a lot of noise, rumors, and gossip around us. Overall, this is even a good thing, as it increases our popularity and more people learn about us.
To sum up this issue, AURA is a completely different project with its own path and goals.

How many people do you think have used AURA? Approximately

The number of customers is confidential information.
I have studied some interviews you have conducted with other projects, as well as analyzed other sources, and can provide some comparison for general understanding.
In less than four months, we have attracted more customers than some other projects have in a year or several years of their existence.
Based on this, I can conclude that we are experiencing explosive growth in popularity.

Since when has AURA been working?

On July 8, 2025, our first trading thread appeared on the xss forum, and later our trading threads appeared on other popular forums such as exploit, hackforums, bhf, and other less popular ones.

Can AURA be the next top product after the fall of other maas products?

Regardless of the successes and failures of other products, our plan is to become the number one project. That’s why we’re here. And we will make every effort to achieve this goal and move forward confidently every day. People who previously used Lumma, StealC, Vidar, and Rhadamantis are coming to us. They try our product and stay with us, which makes us very happy.

Does AURA works on the CIS countries?

Our software does not work in CIS countries. Many people have asked us to remove this restriction and offered us large sums of money, but we have refused every request. AURA does not work and will never work in CIS countries. Our builds include checks for CIS systems (which have already been attempted to be bypassed, but unsuccessfully) as well as IP address checks on our servers for additional protection.

How do you see the market? Is this a good time to work?

The market is constantly changing, with local ups and downs in activity, but the overall trend is that this business is thriving and people are working. As for the second part of the question, we believe that the best time to act is here and now, regardless of the surrounding circumstances.

Is there a big effort on the development side?. What will be the future of AURA?

I am a realist and am not used to guessing what will happen next; we have clear plans that we stick to. A huge amount of effort and resources are being put into development, and this should yield results. I myself am interested to see how far AURA can go.

What would you say to those “information security experts” who are trying to track AURA?

I would like to extend a warm welcome to the security experts❤️
We have always enjoyed reading their technical reports on various types of malware, and our team will be particularly interested in reading reports about our product in the future.
Although we are effectively on opposite sides of the battlefield, I have a very positive attitude toward them, and I have several friends who are cybersecurity experts.

At the moment, we have a code virtualization module ready, which we have not yet specifically implemented in our builds so that they can be researched. After several interesting technical reports appear, we will completely virtualize our code, and analyzing it will become a very difficult task.

There are many updates ahead and a lot of material for security experts.