Researchers Uncovered Latest Version of Lumma InfoStealer with Code Flow Obfuscation

Cybersecurity researchers have uncovered a new variant of the Lumma InfoStealer that uses code flow obfuscation to evade detection by security solutions. Trellix researchers identified the variant during routine threat hunting, noting significant changes in how the malware conceals its execution flow. “This version of Lumma employs multiple layers of code obfuscation that dynamically alters execution paths at runtime, making static analysis particularly challenging,” the researchers explained in their initial report.

The new iteration layers several obfuscation techniques to hide the code’s true purpose and functionality, continuing the arms race in which stealer developers refine their tooling to bypass modern security controls. Once executed, the malware establishes persistence through a combination of registry modifications and scheduled tasks, and it runs anti-analysis checks that can detect virtualized environments and security tools.

Because signature-based detection is poorly suited to this degree of obfuscation, security experts recommend endpoint protection with behavioral analysis, network monitoring for suspicious data exfiltration patterns so that compromises are caught early, and regular security awareness training to prevent the initial infection. Organizations without such measures have reported significant data breaches, with stolen credentials later appearing on underground forums or being used for financial fraud and unauthorized access to corporate networks.
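As an added illustration of the behavioral telemetry that guidance points to (this is example code written for this page, not Trellix’s detection logic and not anything taken from the Lumma report), the following C program flags the two persistence mechanisms named above, Run/RunOnce registry writes and scheduled-task creation, in a few constructed Sysmon-style event lines. The key=value line layout, the field names and the sample paths are assumptions made for the example; the Sysmon event IDs it keys on, 1 for process creation and 13 for a registry value being set, are the real ones.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Added example, not Trellix's or the article's logic: flag the two persistence
 * mechanisms named in the write-up (Run/RunOnce registry writes and scheduled
 * task creation) in Sysmon-style event lines. The "key=value" line layout and
 * the sample paths are assumptions; Sysmon event IDs 1 (process create) and
 * 13 (registry value set) are the real ones. */

/* Case-insensitive substring test: Windows paths and switches vary in case. */
static int contains_nocase(const char *hay, const char *needle)
{
    size_t nl = strlen(needle);
    for (; *hay; hay++) {
        size_t k = 0;
        while (k < nl && hay[k] &&
               tolower((unsigned char)hay[k]) == tolower((unsigned char)needle[k]))
            k++;
        if (k == nl)
            return 1;
    }
    return 0;
}

/* True if "key" appears in the line with exactly the value "want"
 * (so EventID=1 does not match EventID=13). */
static int field_equals(const char *line, const char *key, const char *want)
{
    const char *p = strstr(line, key);
    size_t n = strlen(want);
    if (!p)
        return 0;
    p += strlen(key);
    return strncmp(p, want, n) == 0 && (p[n] == ' ' || p[n] == '\0');
}

/* Returns 1 when the event is a Run-key write or a schtasks /create, else 0. */
int is_persistence_event(const char *line)
{
    if (field_equals(line, "EventID=", "13") &&
        (contains_nocase(line, "\\CurrentVersion\\Run\\") ||
         contains_nocase(line, "\\CurrentVersion\\RunOnce\\")))
        return 1;
    if (field_equals(line, "EventID=", "1") &&
        contains_nocase(line, "schtasks") &&
        contains_nocase(line, "/create"))
        return 1;
    return 0;
}

/* Count persistence events in a batch of lines. */
size_t count_persistence(const char *const *lines, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (size_t)is_persistence_event(lines[i]);
    return hits;
}

/* Constructed sample telemetry: two persistence events, two benign ones. */
const char *const SAMPLE_EVENTS[] = {
    "EventID=1 Image=C:\\Windows\\System32\\schtasks.exe CommandLine=\"schtasks /Create /SC MINUTE /MO 5 /TN Updater /TR C:\\Users\\Public\\svc.exe\"",
    "EventID=13 Image=C:\\Users\\Public\\svc.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc Details=C:\\Users\\Public\\svc.exe",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine=\"notepad.exe notes.txt\"",
    "EventID=13 Image=C:\\Windows\\explorer.exe TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden Details=DWORD (0x00000001)",
};
const size_t SAMPLE_EVENT_COUNT = sizeof SAMPLE_EVENTS / sizeof SAMPLE_EVENTS[0];

int main(void)
{
    for (size_t i = 0; i < SAMPLE_EVENT_COUNT; i++)
        if (is_persistence_event(SAMPLE_EVENTS[i]))
            printf("PERSISTENCE: %s\n", SAMPLE_EVENTS[i]);
    printf("%zu of %zu events flagged\n",
           count_persistence(SAMPLE_EVENTS, SAMPLE_EVENT_COUNT), SAMPLE_EVENT_COUNT);
    return 0;
}
```

Both rules will also fire on legitimate installers and administrators, so in practice they are hunt signals to be joined with process lineage (what spawned schtasks, whether the Run value points into a user-writable directory) rather than standalone alerts.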
The most notable feature of this latest Lumma variant is its sophisticated code flow obfuscation mechanisms.
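To make concrete what “altering execution paths at runtime” means for an analyst, here is an added C example, written for this page (it is not Lumma code and does not claim to reproduce the specific transformation Trellix observed), of control-flow flattening, a common form of code flow obfuscation. It shows a plain string-decoding routine of the kind stealers use for embedded configuration, beside the same routine rewritten as a state-machine dispatcher with an opaque predicate and a dead block. The sample bytes, the rolling-key scheme and the block labels are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Lumma code: the same string decoder written plainly and
 * with flattened control flow. Both must produce identical output. */

/* Plain decoder: XOR each byte with a rolling key, stop at a decoded NUL. */
size_t decode_plain(const uint8_t *src, size_t n, uint8_t key, char *out)
{
    size_t i = 0;
    while (i < n) {
        uint8_t c = src[i] ^ key;
        if (c == 0)
            break;
        out[i] = (char)c;
        key = (uint8_t)(key + 7);      /* constructed rolling-key scheme */
        i++;
    }
    out[i] = '\0';
    return i;
}

/* Opaque predicate: x*(x+1) is always even, so this is always true, but a
 * static analyser that does not reason about the arithmetic sees two
 * possible successors and must follow both. */
static int opaque_true(uint32_t x)
{
    return ((x * (x + 1u)) & 1u) == 0;
}

/* Runtime trace of dispatcher states, so the real block order can be
 * recovered by executing (or emulating) the routine. */
#define TRACE_MAX 256
uint32_t g_trace[TRACE_MAX];
size_t   g_trace_len;

/* Flattened decoder: each basic block is a switch case, and the successor is
 * chosen by writing a new value into 'state'. Statically the graph is just
 * dispatcher -> every case -> dispatcher; the true order (test, decode,
 * NUL-check, advance, test, ...) is only visible at runtime. */
size_t decode_flattened(const uint8_t *src, size_t n, uint8_t key, char *out)
{
    size_t i = 0;
    uint8_t c = 0;
    uint32_t state = 0x3A9C;           /* arbitrary block labels, not 0,1,2... */
    g_trace_len = 0;
    for (;;) {
        if (g_trace_len < TRACE_MAX)
            g_trace[g_trace_len++] = state;
        switch (state) {
        case 0x3A9C:                   /* loop test */
            state = (i < n) ? 0x51E2 : 0x0C77;
            break;
        case 0x51E2:                   /* decode one byte */
            c = src[i] ^ key;
            state = opaque_true((uint32_t)i) ? 0x7B10 : 0xDEAD;
            break;
        case 0x7B10:                   /* NUL check */
            state = (c == 0) ? 0x0C77 : 0x2F4E;
            break;
        case 0x2F4E:                   /* store and advance */
            out[i] = (char)c;
            key = (uint8_t)(key + 7);
            i++;
            state = 0x3A9C;
            break;
        case 0xDEAD:                   /* dead block: never reached, but
                                          statically indistinguishable from live code */
            i = n;
            state = 0x0C77;
            break;
        case 0x0C77:                   /* exit */
        default:
            out[i] = '\0';
            return i;
        }
    }
}

/* Constructed sample: "login.dat" plus a terminator, encoded with key 0x5A
 * and the rolling scheme above. */
const uint8_t SAMPLE[] = { 0x36, 0x0E, 0x0F, 0x06, 0x18, 0x53, 0xE0, 0xEA, 0xE6, 0x99 };
const size_t  SAMPLE_LEN = sizeof SAMPLE;

int main(void)
{
    char a[32], b[32];
    decode_plain(SAMPLE, SAMPLE_LEN, 0x5A, a);
    decode_flattened(SAMPLE, SAMPLE_LEN, 0x5A, b);
    printf("plain=%s flattened=%s states_visited=%zu\n", a, b, g_trace_len);
    return strcmp(a, b) != 0;
}
```

Disassembled, the flattened routine presents one loop around a switch whose cases all feed back into the dispatcher, so a control-flow graph gives no hint that 0xDEAD is unreachable or that 0x2F4E always follows 0x7B10. The g_trace array shows the practical answer: run or emulate the code and log the dispatcher states, and the original block order (3A9C, 51E2, 7B10, 2F4E, repeated) falls out, which is the reasoning behind preferring behavioral and dynamic analysis over static signatures for samples like this.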

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Apr 2025 12:35:11 +0000


Cyber News related to Researchers Uncovered Latest Version of Lumma InfoStealer with Code Flow Obfuscation

CVE-2022-30426 - There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow ...
2 years ago
Lumma malware can allegedly restore expired Google auth cookies - The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing ...
1 year ago Bleepingcomputer.com
Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
1 year ago Feeds.fortinet.com
Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques - “The variations we saw in Lumma Stealer behavior are significant to defenders,” noted the Sophos Managed Detection and Response team in their report, emphasizing that these delivery techniques could easily be adapted for other malware ...
2 months ago Cybersecuritynews.com Kimsuky
Lumma Password Stealer Attack Infection Chain and Its Escalation Tactics Uncovered - WithSecure analysts identified Lumma during their analysis of open source samples between February and March 2025, revealing the malware’s sophisticated three-stage infection process. This massive infection rate prompted coordinated ...
1 week ago Cybersecuritynews.com
Lumma Stealer Via Fake Cracked Software Steals Login Credentials and Private Files - Security teams must combine user education about pirated software with behavioral telemetry that flags suspicious child-process creation and outbound TLS beacons to unfamiliar domains if they hope to close the window that Lumma Stealer so deftly ...
2 weeks ago Cybersecuritynews.com
Flow Security Launches GenAI DLP - PRESS RELEASE. TEL AVIV, Israel, Nov. 30, 2023 /PRNewswire/ - Flow Security, the pioneering Data Security Lifecycle Platform, announced today its extension to GenAI Security with the launch of a new GenAI DLP module. This move makes Flow Security the ...
1 year ago Darkreading.com
Beware Weaponized YouTube Channels Spreading Lumma Stealer - Attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary ...
1 year ago Darkreading.com
Lumma Infostealer Steal All Data Stored in Browsers and Selling Them in Underground Markets as Logs - Upon extraction, victims encounter a Nullsoft Scriptable Install System (NSIS) installer, typically named setup.exe or set-up.exe, which executes the Lumma payload packed with the CypherIT crypter—a tool designed to obfuscate malware signatures and ...
3 weeks ago Cybersecuritynews.com
Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions - Security analysts at Cloudsek noted that the malware employs advanced evasion techniques like obfuscated scripts and encrypted communications with Command-and-Control (C2) servers. This sophisticated campaign exploits malicious LNK (shortcut) files ...
5 months ago Cybersecuritynews.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
1 year ago Techrepublic.com
From Implicit to Authorization Code With PKCE, BFF - Lack of Refresh Token Support occurs when there are no refresh tokens, and frequent requests for new tokens are necessary, increasing the chances of token leakage and misuse. The Implicit Flow had several security vulnerabilities, such as token ...
1 year ago Feeds.dzone.com
Malicious web redirect scripts stealth up to hide on hacked sites - Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. Parrot TDS was discovered by ...
1 year ago Bleepingcomputer.com
New Command-Line Obfuscation Technique Bypasses AVs and EDRs - When a command is executed with these obfuscation techniques, the obfuscated version is what gets recorded by security monitoring tools. The techniques, detailed in a comprehensive study released on March 24, 2025, exploit parsing inconsistencies in ...
3 months ago Cybersecuritynews.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
Ukrainian Raccoon Infostealer Operator Extradited to US - A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands. The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law ...
1 year ago Securityweek.com
CVE-2017-2171 - Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page ...
8 years ago
Beware! Hackers Use YouTube Channels Deliver Lumma Malware - Hackers use YouTube channels to deliver malware due to the huge user base of the platform. By using YouTube channels, hackers disguise their malicious content as:-. The popularity of YouTube also gives the threat actors the ability to evade general ...
1 year ago Gbhackers.com
Google password resets not enough to stop this malware - The Register - Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed. Developers of infostealer malware - mainly targeting Windows, it seems - have steadily implemented the ...
1 year ago Go.theregister.com
New FrigidStealer infostealer infects Macs via fake browser updates - Windows users get an MSI installer that loads Lumma Stealer or DeerStealer, Mac users receive a DMG file that installs the new FrigidStealer malware, and Android users receive an APK file that contains the Marcher banking trojan. FakeUpdate ...
5 months ago Bleepingcomputer.com
Lumma Stealer Exploits Fake CAPTCHA Pages to Harvest Sensitive Data - Organizations should implement robust endpoint protection solutions and user awareness training to mitigate the risk posed by this increasingly prevalent threat, as even corporate environments have fallen victim to Lumma Stealer infections that may ...
3 months ago Cybersecuritynews.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
1 year ago Darkreading.com
Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer - The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com ...
1 year ago Hackread.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
1 year ago Bleepingcomputer.com