Lumma

Malware updated 8 months ago (2024-11-29T13:56:02.848Z)
Lumma is a malicious software (malware) that has caused significant security concern because of its ability to steal sensitive information. The malware was delivered to victims primarily through websites hosting cracked games, specifically targeting gamers. In August and September, researchers reported campaigns in which Lumma was deployed using a deceptive CAPTCHA system. The malware is also part of a larger cyber threat landscape involving other malware families such as Vidar, Aresloader, and Canyon, among others, and it has been found alongside other notorious malware such as RedLine, Meta, Vidar, and Raccoon Stealer on devices storing Snowflake access credentials, with infections dating back as early as 2020.

Delivery of Lumma was facilitated by an exploit in Microsoft Defender SmartScreen, identified as CVE-2024-21412; this vulnerability allowed attackers to deliver not only Lumma but also other malware such as the ACR and Meduza Stealers. Over time, Lumma has evolved to survive disruptive operations by law enforcement, adapting and adopting new techniques to ensure its persistence: for instance, it was observed being sent over Latrodectus C2, and being delivered alongside the Amadey Trojan. By July, an estimated more than 250 million players had been targeted and lured into downloading Lumma Stealer through multiple simultaneous scams.

Given the rapid evolution of threats like Lumma Stealer, continuous monitoring, adaptation, and regular updating of detection rules, indicators of compromise, and security controls are necessary, says Sarah Jones, a cyber-threat intelligence research analyst at Critical Start. Lumma's tactics range from leveraging legitimate software to using deceptive delivery methods, making it a persistent challenge for security teams. Protection against ongoing Lumma Stealer threats requires close collaboration between threat intelligence, security operations centers (SOCs), and incident-response teams.
As Kumar notes, the investigation into Lumma Stealer reveals an evolving threat landscape characterized by the malware’s ability to adapt and evade detection.
Description last updated: 2024-11-15T16:02:11.430Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

- Lumma Stealer (14 votes): Lumma Stealer is a potent malware designed to exfiltrate information from compromised systems, including system details, web browsers, and browser extensions. The malware was primarily delivered to victims through websites hosting cracked games, specifically targeting gamers. In July 2024, it was di
- Rhadamanthys (4 votes): Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tact
- Stealc (3 votes): StealC is a form of malware that specifically targets browser extensions and password managers. Its emergence was first reported in early 2023 and it quickly grew in popularity on the dark web due to its ability to bypass traditional security measures. The malware's modus operandi involves stealing
- Lumma Infostealer (2 votes): Lumma Infostealer is a possible alias for Lumma.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer
Domains
Windows
Maas
Payload
Credentials
Loader
Exploit
Cybercrime
Telegram
Phishing
PowerShell
Trojan
Android
Youtube
Infostealer ...
Tool
Ransomware
Infostealers
Antivirus
Downloader
Google
Source
Malware Loader
Fortiguard
Sandbox
Github
Dropper
Facebook
Malvertising
Microsoft
Encryption
Vulnerability
Browser Exte...
Rat
Bot
Chrome
Associated Malware
- RedLine (association type: Unspecified; 8 votes): RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for
- LummaC2 (association type: Unspecified; 5 votes): LummaC2 is a malicious software (malware) that was initially identified in Russian-speaking forums in 2022. The malware, written in C and distributed as Malware-as-a-Service (MaaS), has been actively developed over time, with researchers noting that LummaC2 4.0 operates as a dynamic malware strain.
- Amadey (association type: Unspecified; 3 votes): Amadey is a malicious software (malware) that has been known since 2018 and is notorious for stealing credentials from popular browsers and various Virtual Network Computing (VNC) systems. The malware, which is often sold in underground forums, uses sophisticated techniques to infect systems, includ
- ClickFix (association type: Unspecified; 3 votes): ClickFix is a malicious software (malware) that has been actively exploiting computers and devices, primarily through fake WordPress plug-ins. The malware campaign leverages these bogus plug-ins to inject JavaScript that leads to ClickFix fake browser updates. These updates use blockchain and smart
- Meta Stealer (association type: Unspecified; 2 votes): The malware Meta Stealer is associated with Lumma.
- Latrodectus (association type: Unspecified; 2 votes): Latrodectus, a harmful malware discovered in late 2023, has been gaining momentum among threat actors, with a significant increase in activity noted throughout February and March. This malicious software is being employed by initial access brokers (IABs) in email threat campaigns and uses MSI files
- AutoIt (association type: Unspecified; 2 votes): AutoIt is a type of malware, a malicious software designed to exploit and damage computers or devices. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, AutoIt can steal personal information, disrupt operations, or even hold data h
- AMOS (association type: Unspecified; 2 votes): AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to it
Source Document References
Information about the Lumma Malware was read from the documents corpus; this display is limited to 20 results.