Cybercriminals were found distributing Aurora information-stealing malware via a simulated Windows update within the browser, in a malvertising campaign. Researchers identified more than a dozen domains used in the campaigns, several posing as adult websites. Technical analysis of the malware, its behavior, and IOCs have been released.