The Cybereason Global Security Operations Center (GSOC) has reported on the LummaStealer malware’s advanced evasion techniques. The Russian-developed malware uses the Microsoft HTML Application Host to execute remote code disguised as an innocuous .mp4 file. Furthermore, LummaStealer uses memory injection techniques to bypass the Antimalware Scan Interface (AMSI) and uses a fake CAPTCHA page to socially engineer users into triggering code execution.
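
A detection sketch for the behaviour described above, added here as an example and not taken from the Cybereason report: it flags process-creation command lines where mshta.exe (the Microsoft HTML Application Host binary) is handed a remote URL whose path ends in a media extension. The extension list, function names and sample command lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlparse

# Assumed list: file types mshta.exe has no legitimate reason to load remotely.
MEDIA_EXTS = {".mp4", ".mp3", ".avi", ".mkv", ".png", ".jpg"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def image_name(cmdline):
    """Lowercase executable file name from a Windows command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    if not m:
        return ""
    path = (m.group(1) or m.group(2)).replace("/", "\\")
    return path.rsplit("\\", 1)[-1].lower()

def suspicious_mshta(cmdline):
    """Return media-looking remote URLs handed to mshta, or [] if none."""
    if image_name(cmdline) not in ("mshta.exe", "mshta"):
        return []
    hits = []
    for url in URL_RE.findall(cmdline):
        # Judge by the URL path only, so a query string cannot hide the extension.
        ext = posixpath.splitext(urlparse(url).path.lower())[1]
        if ext in MEDIA_EXTS:
            hits.append(url)
    return hits

# Constructed process-creation command lines (not taken from the report).
SAMPLE_EVENTS = [
    r'"C:\Windows\System32\mshta.exe" https://cdn.example.test/media/intro.mp4?id=7',
    r'C:\Windows\System32\MSHTA.EXE "C:\Tools\inventory.hta"',
    r'"C:\Program Files\Player\player.exe" https://cdn.example.test/media/intro.mp4',
    r'mshta http://files.example.test/clip.MP4',
]

def scan(events):
    """Return (index, urls) for every event that trips the rule."""
    return [(i, urls) for i, e in enumerate(events) if (urls := suspicious_mshta(e))]

if __name__ == "__main__":
    for i, urls in scan(SAMPLE_EVENTS):
        print(f"ALERT event {i}: mshta loading {urls}")
```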

Even More Schedule 1 Mods Found to Contain Malware
The Schedule 1 modding community is facing a potential threat as more modifications have been discovered containing dangerous malware. Mods including “Just Enough Drugs” and