@blog.checkpoint.com
//
Microsoft has revealed that Lumma Stealer malware has infected over 394,000 Windows computers across the globe. This data-stealing malware has been actively employed by financially motivated threat actors targeting various industries. Microsoft Threat Intelligence has been tracking the growth and increasing sophistication of Lumma Stealer for over a year, highlighting its persistent threat in the cyber landscape. The malware is designed to harvest sensitive information from infected systems, posing a significant risk to users and organizations alike.
Microsoft, in collaboration with industry partners and international law enforcement, has taken action to disrupt the infrastructure supporting Lumma Stealer. However, the developers behind the malware are reportedly making significant efforts to restore servers and bring the operation back online, indicating the tenacity of the threat. Despite these efforts, security researchers note that the Lumma Stealer operation has suffered reputational damage, potentially making it harder to regain trust among cybercriminals. In related news, a new Rust-based information stealer called EDDIESTEALER is actively spreading through fake CAPTCHA campaigns, using the ClickFix social engineering tactic to trick users into running malicious PowerShell scripts. EDDIESTEALER targets crypto wallets, browser data, and credentials, demonstrating a continued trend of malware developers utilizing Rust for its enhanced stealth and stability. These developments underscore the importance of vigilance and robust cybersecurity practices to protect against evolving malware threats. References :
Classification:
@cyberpress.org
//
A new variant of the Lumma Stealer malware has been identified, showing significant advancements in its stealth and persistence. Researchers at the Trellix Advanced Research Center analyzed the new variant, discovering features such as code flow obfuscation and dynamic API resolution that help it evade detection. Lumma Stealer, originally introduced in 2022, has rapidly evolved and poses a serious threat to personal and organizational data by targeting sensitive information stored on infected systems.
Lumma Stealer, also known as LummaC2, has gained popularity in underground forums with over a thousand active subscribers as of March 2025. The malware uses deceptive methods such as fake CAPTCHA pages, mimicking Google reCAPTCHA or Cloudflare challenges, to trick users into executing malicious commands. These fraudulent pages are often hosted on compromised websites offering pirated content or cryptocurrency services, enticing unsuspecting users to initiate the infection chain. The malware's infection chain is complex and difficult to detect. It involves downloading a .zip file, extracting the malware, and establishing persistence through the Windows Registry's Run key. More advanced attacks hide the malware within seemingly harmless .mp3 or .png files, triggered via the mshta.exe HTML application engine, deploying layers of encryption, anti-debugging techniques, and detection evasion mechanisms. The stealer targets sensitive data, including cryptocurrency wallet credentials, 2FA codes, browser-stored passwords, and financial information, which it transmits to attacker-controlled domains. References :
Classification:
|