Lumma

Malware Profile Updated 10 days ago
Lumma is a prominent information stealer. It is delivered through various means, including suspicious downloads, emails, and websites. In one infection chain observed by Palo Alto Networks' Unit 42, Lumma was delivered over Latrodectus C2. In another campaign, Lumma was one of at least five malware families delivered, alongside the DarkGate and NetSupport RATs, the Matanbuchus loader, and other information stealers such as Vidar. Lumma's share of subscription-based Malware-as-a-Service (MaaS) offerings has also been reported as significant, accounting for 21% of such services.

Lumma has been associated with several cybercriminal groups, including developers linked to FIN7. Malware families that emerged from these associations include backdoors/downloaders such as AresLoader and Canyon, and information stealers such as LummaC2 and Vidar. Notably, Lumma and similar infostealers (Vidar, RisePro, RedLine, Raccoon Stealer, and MetaStealer) were used to harvest the customer credentials later abused in the Snowflake intrusions; some of those credentials had been exposed in compromises dating back as far as four years.

Lumma is also spread through deceptive distribution methods. In one case it was deployed as a ZIP archive hosted on bitdefender-app[.]com, a site posing as an antivirus vendor. It has also been staged in numerous GitHub repositories. Lumma, along with other malware such as Nexus, Medusa, RedLine, and Raccoon, is designed to steal sensitive information such as login credentials and financial data, and poses a significant threat.
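The fake antivirus site above (bitdefender-app[.]com) is a brand lookalike, and the profile's other indicators arrive defanged. The script below is an added example, not Cybergeist's or any vendor's code: it refangs indicators, pulls out the host, and flags domains that merely contain or closely resemble a protected brand while leaving the brand's own apex domain alone. The brand list, the similarity threshold, and every sample domain except bitdefender-app[.]com are assumptions constructed for illustration.

```python
"""Refang defanged IOCs and flag brand-impersonating domains.

Added example, not the profile's own tooling. Only bitdefender-app[.]com
comes from the page; the brand list, threshold and other samples are
constructed for illustration.
"""
import re
from difflib import SequenceMatcher

# Brands that fake-AV distribution sites tend to borrow (assumed list).
BRANDS = ("avast", "bitdefender", "malwarebytes")

# Constructed sample input: one indicator from the profile plus made-up ones.
SAMPLE_IOCS = [
    "bitdefender-app[.]com",      # from the profile text
    "hxxps://bitdefender.com/",   # legitimate brand apex (constructed)
    "avast-free-download[.]net",  # constructed lookalike
    "b1tdefender[.]com",          # constructed homoglyph-style lookalike
    "example[.]org",              # constructed, unrelated
]


def refang(ioc: str) -> str:
    """Undo common defanging: [.] / (.) / [dot] and hxxp(s) schemes."""
    s = ioc.strip()
    for token in ("[.]", "(.)", "[dot]"):
        s = s.replace(token, ".")
    return re.sub(r"^hxxp", "http", s, flags=re.I)


def domain_of(ioc: str) -> str:
    """Return the lowercased host of a (possibly defanged) URL or bare domain."""
    s = refang(ioc)
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s, flags=re.I)  # drop scheme
    host = s.split("/", 1)[0].split(":", 1)[0]                # drop path/port
    return host.lower().rstrip(".")


def registrable_label(host: str) -> str:
    """Label left of the final TLD. Crude on purpose: no public-suffix list."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host


def brand_impersonation(host: str, brands=BRANDS, threshold=0.8):
    """Return (brand, reason) when host looks like a lookalike, else None.

    The brand's own apex (bitdefender.com) is treated as legitimate. A label
    that contains the brand with extra tokens (bitdefender-app) or that is
    merely similar to it (b1tdefender) is flagged.
    """
    label = registrable_label(host)
    if label in brands:
        return None
    for brand in brands:
        if brand in label:
            return (brand, "contains brand with extra tokens")
        ratio = SequenceMatcher(None, label, brand).ratio()
        if ratio >= threshold:
            return (brand, f"similar to brand (ratio {ratio:.2f})")
    return None


def triage(iocs):
    """Map each input IOC to (original, refanged host, verdict-or-None)."""
    return [(ioc, domain_of(ioc), brand_impersonation(domain_of(ioc)))
            for ioc in iocs]


if __name__ == "__main__":
    for ioc, host, hit in triage(SAMPLE_IOCS):
        print(f"{ioc:30} -> {host:26} {hit or 'ok'}")
```

The "contains" rule fires before the similarity rule because a domain that embeds the full brand string is the more common fake-AV pattern; the ratio check catches single-character substitutions that the substring test misses. Anything this flags still needs a human look, since legitimate regional or partner domains also embed brand names.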
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Lumma Stealer (10 votes): Lumma Stealer is a malicious software (malware) that infiltrates systems primarily to steal personal information, disrupt operations, and exploit vulnerabilities. According to the ESET Threat Report H2 2023, Lumma Stealer gained significant traction in the second half of 2023, with its capabilities
Vidar (7 votes): Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2,
Stealc (2 votes): Stealc is a malicious software (malware) that specifically targets browser extensions, including password managers and authenticators, and has grown in popularity on the dark web since its discovery in early 2023. It has been associated with significant cyber-attacks, such as the $7 million heist on the Solana bl
Mars (1 vote): Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti
Rhadamanthys (1 vote): Rhadamanthys is a malicious software (malware) that has been leveraged by the threat actor group TA547 to target German organizations. The malware, which infiltrates systems through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or hold data for ransom
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware, MaaS, YouTube, Infostealer, Google, Phishing, Payload, Trojan, Loader, Cybercrime, Android, Exploit, Dropper, FortiGuard, Malware Loader, Sandbox, Chrome, GitHub, Encryption, Fraud, Encrypt, Vulnerability, Windows, Telegram, Exploits, 1Password, Scam, Avast, Snowflake, Discord, Bot, Crypter
Associated Malware
Redline (type unspecified, 4 votes): RedLine is a malware designed to exploit and damage computer systems by stealing personal information, disrupting operations, or even holding data hostage for ransom. It has been identified as a favorite infostealer among threat actors selling logs through the marketplace 2easy, which also sells Rac
Amos (type unspecified, 2 votes): AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot
Clearfake (type unspecified, 1 vote): ClearFake is a malicious software that has been identified as a fake browser update activity cluster, compromising legitimate websites with harmful HTML and JavaScript. The malware was first observed by Proofpoint in early April, employing a cut-and-paste technique for its delivery. ClearFake's camp
Amadey (type unspecified, 1 vote): Amadey is a malicious software (malware) that has been found to be used in conjunction with other malware such as Remcos, GuLoader, and Formbook. Analysis of the infection chains revealed that the individual behind the sales of Remcos and GuLoader also uses Amadey and Formbook, using GuLoader as a p
Aurora (type unspecified, 1 vote): Aurora is a type of malware designed to exploit and damage computer systems, often through suspicious downloads, emails, or websites. It has been used in a series of high-profile cyber-attacks over the years, with notable instances such as Operation Aurora in 2009, which targeted major technology co
Minodo (type unspecified, 1 vote): Minodo is a type of malware, a harmful program designed to exploit and damage computer systems. It can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data h
Diceloader (type unspecified, 1 vote): Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in
Aresloader (type unspecified, 1 vote): AresLoader is a type of malware that was first advertised for sale on the top-tier Russian-language hacking forum XSS in December 2022 by a threat actor named "DarkBLUP". This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emai
Risepro (type unspecified, 1 vote): RisePro is a type of malware, specifically an info-stealer, designed to infiltrate and damage computer systems. It operates by exploiting vulnerabilities in a device, often through suspicious downloads, emails, or websites, typically without the user's knowledge. Once inside, RisePro can disrupt ope
Atomic Macos Stealer Amos (type unspecified, 1 vote): In April 2023, Cyble Research and Intelligence Labs (CRIL) discovered a new malware named Atomic macOS Stealer (AMOS) being advertised for sale on a Telegram channel. The malware was found to be part of a larger operation involving several other variants such as Vidar, Lumma, and Octo. These threat
Spynote (type unspecified, 1 vote): SpyNote is a malicious software (malware) designed to exploit and damage computer systems, often infecting devices through suspicious downloads, emails, or websites. A newer variant of SpyNote has been observed using the Accessibility API to target well-known cryptocurrency wallets. The malware is d
Latrodectus (type unspecified, 1 vote): Latrodectus, a new type of malware discovered in late 2023, is being used by Initial Access Brokers (IABs) in email threat campaigns. Initially mistaken for a variant of the well-known IcedID malware due to similar characteristics, researchers at Proofpoint and Team Cymru S2 Threat Research Team hav
Redline Stealer (type unspecified, 1 vote): RedLine Stealer is a type of malware that has been causing significant disruption in the digital landscape. This malicious software infiltrates computer systems, often without the user's knowledge, via suspicious downloads, emails, or websites, and then proceeds to steal personal information, disrup
Raccoon Stealer (type unspecified, 1 vote): Raccoon Stealer is a form of malware that was first identified in 2019. Developed by Russian-speaking coders and initially promoted on Russian-language hacking forums, the malicious software was designed to steal sensitive data from victims, including credit card information, email credentials, and
Darkgate (type unspecified, 1 vote): DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos
Netsupport (type unspecified, 1 vote): NetSupport is a malicious software (malware) that has been used in various cyberattacks, including the Royal Ransomware attack and assaults by former ITG23 members. It can infiltrate systems through suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or
Matanbuchus (type unspecified, 1 vote): Matanbuchus is a malicious software (malware) that has been actively used in various cyberattacks since July 16, 2022. Initially identified as part of a malspam campaign by Unit 42 in February 2023, it was believed to be a possible drop from the PikaBot malware. However, subsequent analysis revealed
Amadey Loader (type unspecified, 1 vote): Amadey Loader is a type of malware, a malicious software designed to infiltrate and damage computer systems. It can stealthily enter systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom
Lummac2 (type unspecified, 1 vote): LummaC2 is a relatively new information-stealing malware, first discovered in 2022. The malicious software has been under active development, with researchers identifying LummaC2 4.0 as a dynamic malware strain in November 2023. It's been used by threat actors for initial access or data theft, often
Associated Threat Actors
FIN7 (type unspecified, 1 vote): FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security
Medusa (type unspecified, 1 vote): Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023
Associated Vulnerabilities
Atomic Macos Stealer (Amos (type unspecified, 1 vote): None
Source Document References
Information about the Lumma malware was read from the documents in the corpus below. This display is limited to 20 results.
Fortinet (10 days ago): Dark Web Shows Cybercriminals Ready for Olympics. Are You? | FortiGuard Labs
DARKReading (a month ago): Cut & Paste Tactics Import Malware to Unwitting Victims
InfoSecurity-magazine (2 months ago): Threat Actor Breaches Snowflake Customers, Victims Extorted
BankInfoSecurity (2 months ago): Snowflake Hacking Spree Puts At Risk 165 Organizations
Pulsedive (2 months ago): Pulsedive Blog | Latrodectus Threat Research
Securityaffairs (2 months ago): Fake AV websites used to distribute info-stealer malware
DARKReading (2 months ago): AI Voice Generator App Used to Drop Gipy Malware
Securityaffairs (2 months ago): Cybercriminals are targeting elections in India with influence campaigns
DARKReading (2 months ago): YouTube Becomes Latest Battlefront for Phishing, Deepfakes
Securityaffairs (2 months ago): GitCaught campaign relies on Github and Filezilla to deliver multiple malware
InfoSecurity-magazine (2 months ago): Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
InfoSecurity-magazine (3 months ago): Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk
InfoSecurity-magazine (4 months ago): Byakugan Infostealer Capabilities Revealed
InfoSecurity-magazine (4 months ago): Famous YouTube Channels Hacked to Distribute Infostealers
CERT-EU (a year ago): Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware
Malwarebytes (5 months ago): Vibrator virus steals your personal information | Malwarebytes
CERT-EU (5 months ago): Vibrator virus steals your personal information - Cyber Security Review
CERT-EU (6 months ago): Vast Voter Data Leaks Cast Shadow Over Indonesia's 2024 Presidential Election
DARKReading (7 months ago): Beware Weaponized YouTube Channels Spreading Lumma Stealer