CyberSecurity news

@securityonline.info //
A new malware campaign is underway, distributing the Lumma Stealer information stealer via weaponized PDF documents. This campaign specifically targets educational institutions, exploiting compromised infrastructure to deliver malicious LNK files disguised as legitimate PDFs. These files, when executed, initiate a multi-stage infection process designed to steal sensitive data, including passwords, browser information, and cryptocurrency wallet details.

The attackers lure users into downloading these malicious files by disguising them as innocuous documents, such as school fee structures. Once executed, the LNK files trigger PowerShell commands that download and run obfuscated JavaScript code, ultimately deploying the Lumma Stealer payload. The malware employs advanced evasion techniques, including obfuscated JavaScript and encrypted payloads, to avoid detection.
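
A defender-side triage sketch for the lure described above: a Windows shell link (LNK) named like a PDF that references PowerShell. This is an added example, not code from the cited reports; the function names, the sample file name, and the constructed sample link are assumptions, and only the shell link header and StringData layout follow Microsoft's MS-SHLLINK specification.

```python
import struct

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C, then the LinkCLSID.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
# StringData fields in file order, keyed by the LinkFlags bit announcing each.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a shell link ({} if not a shell link)."""
    out = {}
    if len(data) < 76 or not data.startswith(LNK_MAGIC):
        return out
    flags = struct.unpack_from("<I", data, 20)[0]
    width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")
    off = 76
    try:
        if flags & 0x01:  # HasLinkTargetIDList: 2-byte size, then the list
            off += 2 + struct.unpack_from("<H", data, off)[0]
        if flags & 0x02:  # HasLinkInfo: 4-byte size that includes itself
            off += struct.unpack_from("<I", data, off)[0]
        for bit, field in STRING_FIELDS:
            if flags & bit:
                n = struct.unpack_from("<H", data, off)[0] * width
                out[field] = data[off + 2:off + 2 + n].decode(codec, "replace")
                off += 2 + n
    except struct.error:
        pass  # truncated file: keep whatever was parsed so far
    return out

def triage(filename: str, data: bytes) -> dict:
    """Flag a shell link that is named like a PDF and references PowerShell."""
    if not data.startswith(LNK_MAGIC):
        return {"is_lnk": False, "masquerade": False, "powershell": False, "arguments": ""}
    name, blob = filename.lower(), data.lower()
    return {
        "is_lnk": True,
        # Explorer never shows ".lnk", so "x.pdf.lnk" is displayed as "x.pdf".
        "masquerade": name.endswith((".pdf.lnk", ".pdf")),
        # Raw search also covers the target stored in the ID list or LinkInfo.
        "powershell": b"powershell" in blob or "powershell".encode("utf-16-le") in blob,
        "arguments": parse_lnk_strings(data).get("arguments", ""),
    }

def build_sample() -> bytes:
    """Constructed shell link for offline testing (not a campaign artifact)."""
    def s(text): return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    header = LNK_MAGIC + struct.pack("<I", 0xA8) + bytes(52)  # path+args+unicode
    return (header + s(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")
            + s("-Command PLACEHOLDER"))
```

Running `triage` over downloaded files or mail attachments gives a quick first-pass signal; the extracted `arguments` field is what an analyst would review next.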

This campaign highlights the urgent need for robust cybersecurity measures within educational institutions and other sectors. Lumma Stealer targets various industries beyond education, including finance, healthcare, technology, and media. The use of compromised educational infrastructure as a distribution channel underscores the vulnerabilities in organizational cybersecurity frameworks.

References:
  • gbhackers.com: Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
  • securityonline.info: Lumma Stealer Malware Campaign Targets Educational Institutions with Deceptive PDF Lures
  • www.cloudsek.com: Lumma Stealer Chronicles: PDF-Themed Campaign Using Compromised Educational Institutions’ Infrastructure
  • Talkback Resources: Lumma Stealer Malware Campaign Targets Educational Institutions with Deceptive PDF Lures [mal]
  • www.silentpush.com: Silent Push recently expanded our research on the “Lumma Stealer” infostealer malware.
Classification:
  • HashTags: #Malware #InfoStealer #Education
  • Company: Educational Institutions
  • Target: Educational institutions
  • Product: PDF Documents
  • Feature: Malicious LNK files
  • Malware: Lumma Stealer
  • Type: Malware
  • Severity: Major