Infostealer Lumma Evolves With New Anti-Sandbox Method

A new version of the infamous information stealer Lumma has emerged with a sophisticated anti-sandbox technique. Operating under the Malware-as-a-Service model, LummaC2 v4.0 introduces a novel approach to evading detection by sandboxes commonly utilized for malware analysis. According to an advisory published by Outpost24 threat researcher Alberto Marín today, the stealer's novel anti-sandbox technique relies on trigonometry to discern genuine human behavior, delaying its activation until authentic mouse activity is identified. This innovative strategy involves capturing and analyzing cursor movements, requiring continuous and smooth motion to bypass the malware's detection mechanisms. "After checking that all five captured cursor positions meet the requirements, LummaC2 v4.0 uses trigonometry to detect 'human' behavior. If it does not detect this human-like behavior, it will start the process all over again from the beginning," Marín explained. The security expert added that the significance of LummaC2 v4.0 lies in its capacity for information theft, focusing on the acquisition and exfiltration of sensitive data such as login credentials and credit card details. Its presence in underground forums since December 2022 and subsequent updates indicate an ongoing threat that could result in substantial financial losses for both individuals and organizations. According to Marín, the introduction of trigonometry as an anti-sandbox measure reveals a level of sophistication that demands sustained scrutiny and the formulation of proactive defense strategies. "LummaC2 v4.0 appears to be a dynamic malware strain that remains under active development, constantly enhancing its code base with additional features and improved obfuscation techniques, along with updates to its control panel," the researcher wrote. "The ongoing usage of this malware in real-world scenarios indicates that it will likely continue to evolve, incorporating more advanced features and security measures in the future."

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

Cyber News related to Infostealer Lumma Evolves With New Anti-Sandbox Method

Lumma malware can allegedly restore expired Google auth cookies - The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing ...
1 year ago Bleepingcomputer.com

What is a Sandbox? Definition from SearchSecurity - A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Using a sandbox to detect malware offers an additional layer of protection against ...
1 year ago Techtarget.com

Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
1 year ago Feeds.fortinet.com

Infostealer Lumma Evolves With New Anti-Sandbox Method - A new version of the infamous information stealer Lumma has emerged with a sophisticated anti-sandbox technique. Operating under the Malware-as-a-Service model, LummaC2 v4.0 introduces a novel approach to evading detection by sandboxes commonly ...
1 year ago Infosecurity-magazine.com

Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions - Security analysts at Cloudsek noted that the malware employs advanced evasion techniques like obfuscated scripts and encrypted communications with Command-and-Control (C2) servers. This sophisticated campaign exploits malicious LNK (shortcut) files ...
3 weeks ago Cybersecuritynews.com

Beware Weaponized YouTube Channels Spreading Lumma Stealer - Attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary ...
1 year ago Darkreading.com

ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
1 year ago Techrepublic.com

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
2 weeks ago Cybersecuritynews.com

New FrigidStealer infostealer infects Macs via fake browser updates - Windows users get an MSI installer that loads Lumma Stealer or DeerStealer, Mac users receive a DMG file that installs the new FrigidStealer malware, and Android users receive an APK file that contains the Marcher banking trojan. FakeUpdate ...
3 weeks ago Bleepingcomputer.com

MirrorFace APT Hackers Exploited Windows Sandbox & Visual Studio Code Using Custom Malware - The campaign, attributed to a threat actor known as “MirrorFace,” a subgroup operating under the APT10 umbrella, exploited Windows Sandbox and Visual Studio Code to execute malicious activities while evading detection from security tools ...
1 day ago Cybersecuritynews.com APT1

Ukrainian Raccoon Infostealer Operator Extradited to US - A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands. The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law ...
1 year ago Securityweek.com

Google Adds V8 Sandbox To Chrome To Fight Against Browser Attacks - A Sandbox is a protective medium that blocks the entire system from any application accessing vulnerable resources. Restrictive environments for web content in browsers called sandboxes reduce the impact that can be caused by browser-based attacks ...
11 months ago Gbhackers.com

Google password resets not enough to stop this malware The Register - Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed. Developers of infostealer malware - mainly targeting Windows, it seems - have steadily implemented the ...
1 year ago Go.theregister.com

5 Best Ways a Malware Sandbox Can Help Your Company - Malware sandboxes are indispensable for threat analysis, but many of their capabilities are often overlooked. Malware sandboxes equipped with advanced AI capabilities can significantly enhance the training and productivity of junior security staff. ...
1 year ago Cybersecuritynews.com

Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com

Cookies Exploit Allows Persistent Access After Password Reset - A Critical Google Cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts. A developer, PRISMA, discovered a major Google cookie exploit in Oct 2023 that allows ...
1 year ago Gbhackers.com

Malware abuses Google OAuth endpoint to 'revive' cookies, hijack accounts - Session cookies are a special type of browser cookie that contains authentication information, allowing a person to automatically log in to websites and services without entering their credentials. These types of cookies are meant to have a limited ...
1 year ago Bleepingcomputer.com

Beware! Hackers Use YouTube Channels Deliver Lumma Malware - Hackers use YouTube channels to deliver malware due to the huge user base of the platform. By using YouTube channels, hackers disguise their malicious content as:-. The popularity of YouTube also gives the threat actors the ability to evade general ...
1 year ago Gbhackers.com

Several Infostealers Using Persistent Cookies to Hijack Google Accounts - Multiple information stealers have been adopting a new technique that allows them to restore Google cookies and compromise accounts even if the victims change their passwords, threat intelligence firm CloudSEK reports. A vulnerability in Google's ...
1 year ago Securityweek.com

- Appearing flattered by the dogged analysis of Chaes malware over the years, the infostealer's developer dropped secret messages in the latest version of the code praising threat hunter efforts and thanking them for the interest. Analysis of ...
1 year ago Darkreading.com

CVE-2024-49360 - Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox ...
3 months ago

5 Must-Have Tools for Effective Dynamic Malware Analysis - After launching the executable file found inside the archive, the sandbox instantly detects that the system has been infected with AsyncRAT, a popular malware family used by attackers to remotely control victims' machines and steal sensitive data. ...
5 months ago Thehackernews.com

Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer - The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com ...
1 year ago Hackread.com

Weak password and infostealer blamed for Orange Spain outage The Register - A weak password exposed by infostealer malware is being blamed after a massive outage at Orange Spain disrupted around half of its network's traffic. The network provider is Spain's second most popular and on Wednesday evening confirmed its RIPE ...
1 year ago Go.theregister.com

Breaking Down the Blank Image Attack, a Strategy that Allows Malware to Evade Anti-Malware Software - Recent advances in internet security have allowed anti-malware software to block malware attacks more effectively. However, some malware developers employ techniques such as the “blank image attack” to bypass traditional anti-malware detection ...
2 years ago Hackread.com

Infostealer Lumma Evolves With New Anti-Sandbox Method

Cyber News related to Infostealer Lumma Evolves With New Anti-Sandbox Method

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)