Researchers from Fortinet FortiGuard Labs have found a new campaign distributing the Lumma stealer. According to the report, researcher Cara Lin discovered multiple YouTube videos purporting to show how to install cracked commercial software, such as Vegas Pro. The videos are fake; their descriptions carry a shortened URL (usually TinyURL or Cuttly) that claims to offer the software from the video for free.
However, those who download and run the "software" instead get a variant of the Lumma infostealer, a known piece of malware that harvests passwords saved in popular browsers, cookies, credit card details and cryptocurrency wallet data. Lumma is sold as malware-as-a-service, with subscription tiers ranging from $250 to $1,000.
In its November analysis, Outpost24 found that Lumma's fourth version ships with a number of new evasion techniques that let it operate alongside most antivirus and endpoint protection products. These include control-flow-flattening obfuscation, detection of human mouse activity (a common sandbox check), XOR-encrypted strings, support for dynamic configuration files, and mandatory use of a crypter on all builds.
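XOR-encrypted strings are cheap to defeat once you know what the decrypted output should look like. The following added example (not code from the article, from Fortinet or from Outpost24) shows the analyst-side technique: brute-force every single-byte key and keep only the keys under which a known infostealer artefact name (browser database names, "wallet", "http") appears, then dump the printable strings under that key. The string table, the NUL-separated layout and the key 0x4A are constructed here for illustration; nothing is taken from a real Lumma sample, and a real build may use a rolling key or a different layout.

```python
"""Recover single-byte-XOR-obfuscated strings from a binary blob.

Added example: brute-forces the key and scores each candidate by whether
known infostealer artefact names appear in the decoded output. The sample
blob below is constructed here; it is not data from a Lumma sample.
"""
import re
from typing import Optional

# Artefact names an infostealer is likely to reference. A hit under some
# candidate key is strong evidence that the key is correct (assumed list).
KEYWORDS = (b"Chrome", b"Login Data", b"Cookies", b"wallet", b"http")

# Six or more consecutive printable ASCII bytes count as a recovered string.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR `data` with a repeating `key` (works for single-byte and rolling keys)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_sample_blob(key: int = 0x4A) -> bytes:
    """Constructed string table: NUL-separated plaintext XORed with one byte.

    The layout (NUL separators, single-byte key) is an assumption made for
    this example, not the layout of any real sample.
    """
    table = b"\x00".join([
        b"\\Google\\Chrome\\User Data\\Default\\Login Data",
        b"Cookies",
        b"wallet.dat",
        b"https://example.invalid/c2",  # placeholder, not a real indicator
    ]) + b"\x00"
    return xor_bytes(table, bytes([key]))


def recover_xor_strings(blob: bytes) -> dict:
    """Return {key: [strings]} for every single-byte key whose decode contains a keyword.

    Decoding with the right key turns the NUL separators back into NULs, so the
    printable-run regex splits the table into clean strings. Wrong keys produce
    junk that almost never contains one of the keywords.
    """
    hits = {}
    for key in range(1, 256):
        decoded = xor_bytes(blob, bytes([key]))
        if not any(k in decoded for k in KEYWORDS):
            continue
        hits[key] = [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(decoded)]
    return hits


def best_key(hits: dict) -> Optional[int]:
    """Pick the candidate key that yields the most printable runs (None if no hits)."""
    if not hits:
        return None
    return max(hits, key=lambda k: len(hits[k]))


if __name__ == "__main__":
    blob = build_sample_blob()
    hits = recover_xor_strings(blob)
    key = best_key(hits)
    print(f"candidate key: 0x{key:02x}")
    for s in hits[key]:
        print("  ", s)
```

Run against a real dump you would point `recover_xor_strings` at the section or resource that holds the string table rather than the whole file, and extend `KEYWORDS` with whatever the sample is known to touch (browser profile paths, wallet names, the C2 scheme). If no single-byte key produces a keyword hit, the sample is likely using a multi-byte or rolling key, which `xor_bytes` already supports once the key length is known.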
Furthermore, Lumma was recently observed restoring expired Google session cookies, which can then be used to access the victim's Google account even after the original session has lapsed. Lumma's developers explained that each session cookie can be used no more than twice, meaning it can be restored only once. That is still enough for an attacker to take over the account and use it against the victim's organization.
Google appears to have responded: soon after news of the feature broke, Lumma released a new version claiming to bypass "newly introduced" restrictions set up by Google. For now, it is a back-and-forth between Google and Lumma. For defenders, the practical takeaway is that a stolen Google session cookie should be treated as a live credential until the victim's active sessions have been explicitly revoked, not merely until the cookie's expiry time passes.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.