Researchers Uncovered Latest Version of Lumma InfoStealer with Code Flow Obfuscation

Cybersecurity researchers have recently uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, featuring advanced code flow obfuscation techniques designed to evade detection by security solutions.
This latest iteration represents a significant evolution in the malware’s capabilities, with threat actors implementing multiple layers of obfuscation to conceal the malicious code’s true purpose and functionality.
The malware continues to target sensitive information, including stored passwords, cryptocurrency wallets, and financial data across infected systems worldwide.
Lumma InfoStealer first emerged in the cybercrime underground in late 2022 as a Malware-as-a-Service (MaaS) offering, allowing criminals with minimal technical expertise to deploy sophisticated data-stealing capabilities.
Since its inception, Lumma has undergone several iterations, each introducing more advanced evasion techniques and expanding its information-stealing capabilities.
This latest version demonstrates the ongoing arms race between malware developers and security researchers as threat actors continuously refine their tools to bypass modern security controls.
Trellix researchers identified the new variant during routine threat hunting operations, noting significant changes in how the malware conceals its execution flow.
“This version of Lumma employs multiple layers of code obfuscation that dynamically alters execution paths at runtime, making static analysis particularly challenging,” the researchers explained in their initial report.
The malware’s sophisticated evasion techniques have already enabled it to compromise systems across financial, healthcare, and government sectors.
The primary attack vectors for the new Lumma variant remain phishing emails with malicious document attachments and compromised websites pushing fake software updates.
Once executed, the malware establishes persistence through a combination of registry modifications and scheduled tasks, while implementing anti-analysis techniques that can detect virtualized environments and security tools.
This multi-stage infection chain ensures the malware remains undetected while harvesting credentials and sensitive data from compromised systems.
The impact of this enhanced Lumma variant has been substantial, with researchers identifying data exfiltration from over 3,000 systems across 40 countries in the past month alone.
Organizations with inadequate security measures have reported significant data breaches, with stolen credentials subsequently appearing on underground forums or being used for financial fraud and unauthorized access to corporate networks.
Advanced Code Flow Obfuscation Techniques
The most notable feature of this latest Lumma variant is its sophisticated code flow obfuscation mechanisms.
Unlike previous versions that relied primarily on string encryption and basic anti-analysis checks, this iteration implements control flow flattening, dead code injection, and opaque predicates that fundamentally obscure the program’s logical structure.
These techniques transform straightforward code into a maze of seemingly unrelated instructions that execute in an unpredictable sequence.
A simplified sketch of the technique, as given by the researchers, looks like the following snippet:
int state = 1;                               // dispatcher state; the plain block id is never stored
while (state != 0) {
    switch (state ^ calculateDynamicKey()) { // the block id only exists here, at runtime
        case 0x4A2F:
            // Actual credential-stealing functionality
            collectBrowserPasswords();
            state = 0x7E21;
            break;
        case 0x7E21:
            // Dead code with side effects that influence later execution
            executeObfuscatedFunction(0x2D);
            state = 0x1C3D;
            break;
        case 0x1C3D:
            // More credential stealing
            collectCryptoWallets();
            state = 0x3A8F;
            break;
        // Many more cases that jump between each other
        case 0x3A8F:
            if (checkAntiAnalysis())
                state = 0;               // exit quietly when a sandbox or analysis tool is detected
            else
                state = 0x8D92;
            break;
    }
}
Because every transition target is only materialised at runtime, after the XOR with the dynamic key, the malware's real control flow cannot be read off the dispatcher with static analysis alone; an analyst has to recover the key, or emulate the loop, before the block order becomes visible.
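The following Python program is an added illustration of the same construction and of how an analyst takes it apart; it is not Lumma's code and not the researchers' code. It reuses the case labels from the sketch above, but, unlike that sketch, stores every next-state constant XORed with the dispatch key so that the dispatcher actually decodes correctly. The key value, the extra 0x8D92 "exfiltrate" block, the dead-code arithmetic and the opaque predicate are all assumptions made for the example. The second half shows the recovery step: given only the constants an analyst would lift from the binary, brute-force the 16-bit key by requiring every constant to decode onto a known case label, then rebuild the transition graph.

```python
"""Control-flow flattening with a keyed dispatcher, and its recovery.

Added example, not Lumma's code.  Labels follow the article's sketch;
the key, the EXFIL block, the dead code and the opaque predicate are
constructed for this illustration.
"""
from typing import Dict, List

# Case labels of the dispatcher switch (values from the sketch, plus EXFIL).
COLLECT_PASSWORDS = 0x4A2F
JUNK = 0x7E21
COLLECT_WALLETS = 0x1C3D
ANTI_ANALYSIS = 0x3A8F
EXFIL = 0x8D92          # assumed: the 0x8D92 case the sketch jumps to
EXIT = 0x0000

# Assumed runtime-derived dispatch key.  Held constant here; the point is
# that the plain labels never appear at the state-assignment sites.
KEY = 0x9C71


def opaque_predicate(n: int) -> bool:
    """Always False: n*(n+1) is even for every integer n, so its low bit
    is never set.  A static pass that cannot prove this sees a live branch."""
    return (n * (n + 1)) & 1 == 1


def flattened(sandbox_detected: bool, scratch: int = 0x2D) -> List[str]:
    """The obfuscated routine; returns the list of real actions it took."""
    actions: List[str] = []
    state = COLLECT_PASSWORDS ^ KEY          # encoded entry state
    while True:
        label = state ^ KEY                  # block id exists only here
        if label == EXIT:
            break
        if label == COLLECT_PASSWORDS:
            actions.append("collectBrowserPasswords")
            state = JUNK ^ KEY
        elif label == JUNK:
            scratch = (scratch * 7 + 3) & 0xFF   # dead code: no observable effect
            state = COLLECT_WALLETS ^ KEY
        elif label == COLLECT_WALLETS:
            actions.append("collectCryptoWallets")
            state = ANTI_ANALYSIS ^ KEY
        elif label == ANTI_ANALYSIS:
            if sandbox_detected:             # genuine check: bail out quietly
                state = EXIT ^ KEY
            elif opaque_predicate(scratch):  # never taken, but looks like a loop
                state = JUNK ^ KEY
            else:
                state = EXFIL ^ KEY
        elif label == EXFIL:
            actions.append("exfiltrate")
            state = EXIT ^ KEY
        else:
            raise RuntimeError(f"unexpected state {label:#06x}")
    return actions


# What an analyst lifts from the disassembly: per case label, the immediate
# constants written to `state`.  Constructed to match flattened() above.
ENCODED_TRANSITIONS: Dict[int, List[int]] = {
    COLLECT_PASSWORDS: [JUNK ^ KEY],
    JUNK: [COLLECT_WALLETS ^ KEY],
    COLLECT_WALLETS: [ANTI_ANALYSIS ^ KEY],
    ANTI_ANALYSIS: [EXIT ^ KEY, JUNK ^ KEY, EXFIL ^ KEY],
    EXFIL: [EXIT ^ KEY],
}
ENTRY_ENCODED = COLLECT_PASSWORDS ^ KEY


def recover_key(entry: int, table: Dict[int, List[int]]) -> int:
    """Brute-force the 16-bit key: the correct one maps the entry constant
    and every transition constant onto a label that the switch handles."""
    labels = set(table) | {EXIT}
    consts = [entry] + [c for succ in table.values() for c in succ]
    for k in range(0x10000):
        if all((c ^ k) in labels for c in consts):
            return k
    raise ValueError("no key decodes every constant onto a case label")


def recover_cfg(table: Dict[int, List[int]], key: int) -> Dict[int, List[int]]:
    """Decode the lifted constants into a plain label -> successors graph."""
    return {label: [c ^ key for c in succ] for label, succ in table.items()}


if __name__ == "__main__":
    k = recover_key(ENTRY_ENCODED, ENCODED_TRANSITIONS)
    print(f"recovered key {k:#06x}")
    for label, succ in recover_cfg(ENCODED_TRANSITIONS, k).items():
        print(f"{label:#06x} -> {[f'{s:#06x}' for s in succ]}")
    print("real run:", flattened(sandbox_detected=False))
```

The recovered graph still lists three successors for 0x3A8F, including the 0x7E21 edge that the opaque predicate makes unreachable; pruning that edge needs either a proof that the predicate is constant or a concrete execution trace, which is why behavioural and emulation-based analysis complements static lifting here. On a key that changes per iteration, as the sketch's calculateDynamicKey() suggests, the same brute-force works per transition as long as each key is derived from state the analyst can reproduce.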
Security experts recommend organizations implement comprehensive endpoint protection with behavioral analysis capabilities, as signature-based detection proves inadequate against such sophisticated obfuscation.
Regular security awareness training for employees remains crucial to prevent the initial infection, while network monitoring for suspicious data exfiltration patterns can help detect compromises in their early stages.
The post Researchers Uncovered Latest Version of Lumma InfoStealer with Code Flow Obfuscation appeared first on Cyber Security News.