CyberSecurity news
FlagThis
@cyberpress.org
//
A new variant of the Lumma Stealer malware has been identified, showing significant advancements in its stealth and persistence. Researchers at the Trellix Advanced Research Center analyzed the new variant, discovering features such as code flow obfuscation and dynamic API resolution that help it evade detection. Lumma Stealer, originally introduced in 2022, has rapidly evolved and poses a serious threat to personal and organizational data by targeting sensitive information stored on infected systems.
Lumma Stealer, also known as LummaC2, has gained popularity in underground forums with over a thousand active subscribers as of March 2025. The malware uses deceptive methods such as fake CAPTCHA pages, mimicking Google reCAPTCHA or Cloudflare challenges, to trick users into executing malicious commands. These fraudulent pages are often hosted on compromised websites offering pirated content or cryptocurrency services, enticing unsuspecting users to initiate the infection chain.
The malware's infection chain is complex and difficult to detect. It involves downloading a .zip file, extracting the malware, and establishing persistence through the Windows Registry's Run key. More advanced attacks hide the malware within seemingly harmless .mp3 or .png files, triggered via the mshta.exe HTML application engine, deploying layers of encryption, anti-debugging techniques, and detection evasion mechanisms. The stealer targets sensitive data, including cryptocurrency wallet credentials, 2FA codes, browser-stored passwords, and financial information, which it transmits to attacker-controlled domains.
ImgSrc: blogger.googleu
References :
Lumma Stealer, also known as LummaC2, has gained popularity in underground forums with over a thousand active subscribers as of March 2025. The malware uses deceptive methods such as fake CAPTCHA pages, mimicking Google reCAPTCHA or Cloudflare challenges, to trick users into executing malicious commands. These fraudulent pages are often hosted on compromised websites offering pirated content or cryptocurrency services, enticing unsuspecting users to initiate the infection chain.
The malware's infection chain is complex and difficult to detect. It involves downloading a .zip file, extracting the malware, and establishing persistence through the Windows Registry's Run key. More advanced attacks hide the malware within seemingly harmless .mp3 or .png files, triggered via the mshta.exe HTML application engine, deploying layers of encryption, anti-debugging techniques, and detection evasion mechanisms. The stealer targets sensitive data, including cryptocurrency wallet credentials, 2FA codes, browser-stored passwords, and financial information, which it transmits to attacker-controlled domains.
ImgSrc: blogger.googleu
Share:
References :
- cyberpress.org: A newly discovered variant of the Lumma InfoStealer malware has been analyzed by researchers at the Trellix Advanced Research Center, revealing significant enhancements in its stealth and persistence mechanisms. Originally identified in 2022, Lumma continues to evolve rapidly, posing serious risks to personal and organizational data. The latest analysis highlights the stealer’s aggressive use of
- Talkback Resources: Lumma Stealer, a sophisticated information stealer introduced by Lumma in 2022, is gaining popularity in underground forums with over a thousand active subscribers as of March 2025, using deceptive delivery methods and complex infection chains to target sensitive data.
- Virus Bulletin: Trellix researcher Mohideen Abdul Khader analyses a recent version of Lumma infostealer. The malware is capable of exfiltrating sensitive data from web browsers, email applications, cryptocurrency wallets & other PII stored in critical system directories.
- Securelist: Lumma Stealer – Tracking distribution channels
Classification:
- HashTags: #LummaStealer #Malware #InfoStealer
- Target: Users of infected systems
- Attacker: Lumma
- Feature: Code Obfuscation
- Malware: Lumma
- Type: Malware
- Severity: Major