November 20, 2023 at 06:42AM
The LummaC2 malware has added a new anti-sandbox technique that uses trigonometry to evade detection and steal valuable information from infected hosts. The malware also incorporates control flow flattening and can deliver additional payloads. It requires the use of a crypter to conceal itself and relies on trigonometry to detect human behavior on the infected endpoint. The development of such malware underscores the growing threat of information stealers and remote access trojans. Attackers continue to utilize malware-as-a-service models to carry out sophisticated cyberattacks and profit from information theft.
Key Takeaways from Meeting Notes:
– LummaC2 (aka Lumma Stealer) is a stealer malware that has a new anti-sandbox technique using trigonometry to evade detection and exfiltrate information.
– LummaC2, written in C programming language, has been available in underground forums since December 2022 and has received updates to make analysis and detection more difficult.
– The current version of LummaC2 (v4.0) requires customers to use a crypter for added concealment.
– The malware uses trigonometry to detect human behavior by analyzing cursor positions and calculating angles formed between vectors.
– New strains of information stealers and remote access trojans, such as BbyStealer, Trap Stealer, Predator AI, and Sayler RAT, are emerging and targeting sensitive data.
– Predator AI is notable for its ability to attack popular cloud services and incorporates a ChatGPT API for ease of use.
– The malware-as-a-service (MaaS) model remains a preferred method for emerging threat actors.
– Information theft poses a significant threat and can result in substantial financial losses for organizations and individuals.