#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Sandbox Evasion | Breaking Cybersecurity News | The Hacker News

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

May 19, 2024 Banking Troja / Email Security
The threat actors behind the Windows-based  Grandoreiro  banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South America, Africa, Europe, and the Indo-Pacific, IBM X-Force said. While  Grandoreiro  is known primarily for its focus in Latin America, Spain, and Portugal, the expansion is likely a shift in strategy after attempts to  shut down its infrastructure  by Brazilian authorities. Going hand-in-hand with the broader targeting footprint are significant improvements to the malware itself, which indicates active development. "Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

Nov 20, 2023 Malware / Cyber Attack
The stealer malware known as  LummaC2  (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto Marín  said  in a technical report shared with The Hacker News. Written in the C programming language, LummaC2 has been sold in underground forums since December 2022. The malware has since  received   iterative updates  that make it harder to analyze via control flow flattening and even allow it to deliver additional payloads. The current version of LummaC2 (v4.0) also requires its customers to use a  crypter  as an added concealing mechanism, not to mention prevent it from being leaked in its raw form. Another noteworthy update is the reliance on trigonometry to detect human behavior on the infiltrated
Expert Insights
Cybersecurity Resources