Lumma, an advanced information stealer, has become a dominant force in the cybercrime landscape throughout 2024. Marketed as Malware-as-a-Service (MaaS), it is readily available on Russian-speaking forums and Telegram channels. This malware targets Windows systems, aiming to exfiltrate credentials, cryptocurrency wallet data, browser information, and two-factor authentication details. Lumma employs sophisticated methods such as binary morphing and server-side data decryption to avoid detection. It operates on a subscription basis, with tiered plans offering features such as customizable log management, data filtering, and advanced stealth capabilities, making it accessible to both novice and experienced cybercriminals.
Lumma’s capabilities are extensive: data exfiltration, regular updates, detailed data-log collection, and the ability to download additional malware onto compromised systems. It has been observed in multiple campaigns using techniques such as phishing, malvertising, and fake software updates. These campaigns have targeted a diverse range of sectors, including manufacturing and transportation, as well as individuals such as gamers, users of cracked software, and cryptocurrency enthusiasts. The developers of Lumma have implemented policies to avoid targeting Russia, further demonstrating the malware's reach beyond Russian-speaking regions.