Lumma

Malware updated 22 days ago (2024-11-29T13:56:02.848Z)
Download STIX
Preview STIX
Lumma is a malicious software (malware) that has been causing significant security concerns due to its ability to steal sensitive information. The malware was delivered to victims primarily through websites hosting cracked games, specifically targeting gamers. In August and September, researchers reported campaigns where Lumma was deployed using a deceptive CAPTCHA system. Furthermore, the malware was found to be part of a larger cyber threat landscape involving other malware families such as Vidar, Aresloader, and Canyon, among others. Interestingly, Lumma was also found to be associated with other notorious malware like RedLine, Meta, Vidar, and Raccoon Stealer that had infected devices storing Snowflake access credentials as early as 2020. The delivery of Lumma was facilitated by an exploit in Microsoft Defender SmartScreen, identified as CVE-2024-21412. This vulnerability allowed hackers to deliver not only Lumma but also other malware such as ACR and Meduza Stealers. Over time, Lumma evolved to survive disruptive operations by law enforcement, adapting and adopting new techniques to ensure its persistence. For instance, it was observed being sent over Latrodectus C2, and even being delivered alongside the Amadey Trojan. By July, more than 250 million estimated players were targeted and lured into downloading Lumma Stealer through multiple simultaneous scams. Given the rapid evolution of threats like Lumma Stealer, continuous monitoring, adaptation, and regular updating of detection rules, indicators of compromise, and security controls are necessary, says Sarah Jones, a cyber-threat intelligence research analyst at Critical Start. Lumma's tactics range from leveraging legitimate software to utilizing deceptive delivery methods, making it a persistent challenge for security teams. Protection against ongoing Lumma Stealer threats requires close collaboration between threat intelligence, security operations centers (SOCs), and incident-response teams. As Kumar notes, the investigation into Lumma Stealer reveals an evolving threat landscape characterized by the malware’s ability to adapt and evade detection.
Description last updated: 2024-11-15T16:02:11.430Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Lumma Stealer is a possible alias for Lumma. Lumma Stealer is a potent malware designed to exfiltrate information from compromised systems, including system details, web browsers, and browser extensions. The malware was primarily delivered to victims through websites hosting cracked games, specifically targeting gamers. In July 2024, it was di
11
Stealc is a possible alias for Lumma. StealC is a form of malware that specifically targets browser extensions and password managers. Its emergence was first reported in early 2023 and it quickly grew in popularity on the dark web due to its ability to bypass traditional security measures. The malware's modus operandi involves stealing
3
Rhadamanthys is a possible alias for Lumma. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tact
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer
Maas
Payload
Windows
Trojan
Exploit
Android
Youtube
Cybercrime
Phishing
Infostealer ...
Google
Loader
Telegram
Credentials
Browser Exte...
Downloader
Dropper
Malware Loader
PowerShell
Fortiguard
Sandbox
Bot
Chrome
Github
Infostealers
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Redline Malware is associated with Lumma. RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage forUnspecified
6
The Amadey Malware is associated with Lumma. Amadey is a malicious software (malware) that has been known since 2018 and is notorious for stealing credentials from popular browsers and various Virtual Network Computing (VNC) systems. The malware, which is often sold in underground forums, uses sophisticated techniques to infect systems, includUnspecified
2
The Amos Malware is associated with Lumma. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to itUnspecified
2
Source Document References
Information about the Lumma Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Unit42
17 hours ago
InfoSecurity-magazine
a month ago
Malwarebytes
a month ago
Securelist
2 months ago
Securelist
a month ago
BankInfoSecurity
2 months ago
DARKReading
2 months ago
DARKReading
3 months ago
DARKReading
3 months ago
InfoSecurity-magazine
3 months ago
InfoSecurity-magazine
4 months ago
DARKReading
4 months ago
Securityaffairs
4 months ago
Checkpoint
5 months ago
Securityaffairs
5 months ago
ESET
5 months ago
Fortinet
5 months ago
DARKReading
6 months ago
InfoSecurity-magazine
6 months ago
BankInfoSecurity
6 months ago