Infostealer Lumma Evolves With New Anti-Sandbox Method

A new version of the infamous information stealer Lumma has emerged with a sophisticated anti-sandbox technique. Operating under the Malware-as-a-Service model, LummaC2 v4.0 introduces a novel approach to evading detection by sandboxes commonly utilized for malware analysis.

According to an advisory published by Outpost24 threat researcher Alberto Marín today, the stealer's novel anti-sandbox technique relies on trigonometry to discern genuine human behavior, delaying its activation until authentic mouse activity is identified. This strategy involves capturing and analyzing cursor movements: the malware requires continuous and smooth cursor motion before its check is satisfied.

"After checking that all five captured cursor positions meet the requirements, LummaC2 v4.0 uses trigonometry to detect 'human' behavior. If it does not detect this human-like behavior, it will start the process all over again from the beginning," Marín explained.

The security expert added that the significance of LummaC2 v4.0 lies in its capacity for information theft, focusing on the acquisition and exfiltration of sensitive data such as login credentials and credit card details. Its presence in underground forums since December 2022 and subsequent updates indicate an ongoing threat that could result in substantial financial losses for both individuals and organizations.

According to Marín, the introduction of trigonometry as an anti-sandbox measure reveals a level of sophistication that demands sustained scrutiny and the formulation of proactive defense strategies.

"LummaC2 v4.0 appears to be a dynamic malware strain that remains under active development, constantly enhancing its code base with additional features and improved obfuscation techniques, along with updates to its control panel," the researcher wrote. "The ongoing usage of this malware in real-world scenarios indicates that it will likely continue to evolve, incorporating more advanced features and security measures in the future."
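As an added example (not code from the article or from Outpost24's analysis), the cursor check described above can be modelled so a sandbox operator can verify that emulated mouse input would register as continuous, smooth motion rather than as an idle or teleporting cursor. The five sample paths, the 45-degree turn limit and the one-pixel minimum step are assumptions made here, since the article gives no thresholds.

```python
import math

# Five cursor samples, matching the count the article says the stealer captures.
# All coordinates below are constructed sample data, not captured from any system.
SMOOTH_PATH = [(100, 100), (130, 112), (162, 126), (195, 141), (230, 158)]  # gentle curve
STATIC_PATH = [(400, 300)] * 5                                               # idle cursor
JITTER_PATH = [(100, 100), (140, 100), (100, 140), (140, 140), (100, 100)]  # teleporting

# Assumed thresholds: the article only says motion must be "continuous and
# smooth"; these numbers are illustrative choices, not values from the report.
MAX_TURN_DEGREES = 45.0
MIN_STEP_PIXELS = 1.0


def movement_vectors(points):
    """Vectors between consecutive samples; a zero vector means the cursor sat still."""
    return [(x2 - x1, y2 - y1) for (x1, y1), (x2, y2) in zip(points, points[1:])]


def turn_angle_degrees(v1, v2):
    """Angle between two movement vectors: 0 = same heading, 180 = full reversal."""
    dot = v1[0] * v2[0] + v1[1] * v2[1]
    norms = math.hypot(*v1) * math.hypot(*v2)
    if norms == 0:
        return 180.0  # treat a stalled cursor as the sharpest possible turn
    cos_theta = max(-1.0, min(1.0, dot / norms))
    return math.degrees(math.acos(cos_theta))


def looks_human(points, max_turn=MAX_TURN_DEGREES, min_step=MIN_STEP_PIXELS):
    """Model of the described check: every sample must move (continuous) and
    consecutive headings must not turn sharply (smooth). Returns (passed, reason)."""
    if len(points) < 5:
        return False, "fewer than five samples"
    vectors = movement_vectors(points)
    if any(math.hypot(*v) < min_step for v in vectors):
        return False, "cursor did not move between samples"
    for v1, v2 in zip(vectors, vectors[1:]):
        angle = turn_angle_degrees(v1, v2)
        if angle > max_turn:
            return False, f"heading changed by {angle:.1f} degrees"
    return True, "smooth continuous motion"


if __name__ == "__main__":
    # Expected: only the smooth path passes; the idle and teleporting paths do not.
    for name, path in (("smooth", SMOOTH_PATH), ("static", STATIC_PATH), ("jitter", JITTER_PATH)):
        print(f"{name:7s} -> {looks_human(path)}")
```

A sandbox whose input emulation fails this model would leave the stealer looping on its cursor check and never reach its payload stage during analysis.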

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

