GitHub exploited to deliver utility-spoofing malware

Threat actors have been leveraging the GitHub code repository to distribute the Lumma Stealer malware in the guise of legitimate utilities, including "Free VPN for PC" and "Minecraft Skin Changer", as part of a new attack campaign, reports Cyber Security News.

According to an analysis by Cyfirma researchers, intrusions begin when a victim downloads the fake free software from GitHub. The download contains a dropper, Launch.exe, which carries base64-encoded payloads and spoofed assembly metadata intended to defeat automated analysis. The dropper decodes the payload with a custom function that applies bitwise operations to the encoded data, writes a file into a directory that it then hides, and finally executes an export function of the malicious DLL. These tactics let the malware covertly compromise legitimate Windows processes while maintaining persistence on the targeted systems, the researchers said; they uncovered the threat while tracking several campaigns aimed at both organizations and individuals.
