CyberSecurity news
CISO2CISO Editor 2@ciso2ciso.com - 26d
A new, sophisticated cyber campaign is using GitHub's infrastructure to distribute the Lumma Stealer malware, a notorious data-stealing tool. The campaign is not limited to Lumma Stealer; it also delivers other malicious software, including SectopRAT, Vidar, and Cobeacon. Attackers are abusing the platform's release mechanisms to gain initial access to systems and then deploy these payloads. By hosting files on a trusted platform, the threat actors trick users into downloading them from malicious URLs, increasing the risk of widespread infections.
Trend Micro researchers analyzed the tactics, techniques and procedures (TTPs) used in this campaign and found significant similarities with those of the Stargazer Goblin group, indicating a potential connection between the two. Lumma Stealer is known for extracting credentials, cryptocurrency wallets, system details, and other sensitive files. The SOC Prime Platform has released detection content to help security teams proactively identify and stop related threats, including Sigma rules for detecting Lumma Stealer, SectopRAT, Vidar, and Cobeacon.
References:
- ciso2ciso.com: Lumma Stealer, nefarious info-stealing malware, resurfaces in the cyber threat arena. Defenders recently uncovered an advanced adversary campaign distributing Lumma Stealer through GitHub infrastructure along with other malware variants, including SectopRAT, Vidar, and Cobeacon.
- SOC Prime Blog: Lumma Stealer, nefarious info-stealing malware, resurfaces in the cyber threat arena. Defenders recently uncovered an advanced adversary campaign distributing Lumma Stealer through GitHub infrastructure along with other malware variants, including SectopRAT, Vidar, and Cobeacon.
- Virus Bulletin: Trend Micro researchers dissect the tactics, techniques and procedures (TTPs) employed by a campaign distributing Lumma Stealer through GitHub.
- ciso2ciso.com: Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other Types of Malware – Source: socprime.com
- www.trendmicro.com: Trend Micro reports on a campaign distributing Lumma Stealer through GitHub.
- gbhackers.com: Cybercriminals Exploit GitHub Infrastructure to Distribute Lumma Stealer
Classification:
- HashTags: #MalwareDistribution #GitHub #LummaStealer
- Company: GitHub
- Target: NULL
- Attacker: Stargazer Goblin
- Product: GitHub
- Feature: release infrastructure
- Malware: Lumma Stealer
- Type: Malware
- Severity: Major