Lumma

Malware updated 5 days ago (2024-10-03T23:01:56.756Z)
Lumma is a sophisticated and stealthy malware known for its extensive ability to harvest sensitive data from infected devices. It is primarily designed to steal passwords, card details, cryptocurrency wallets, and browser session cookies. The malware has evolved with new anti-sandbox methods that make it harder to detect, and it injects itself into legitimate Windows processes to evade basic antivirus software.

Lumma is often delivered through deceptive downloads, such as a disguised trial download that instead serves a .zip file containing the malicious payload: once users agree to a personal use disclaimer and initiate the download, the .zip file they receive leads to the Lumma Stealer. Exploitation of the Microsoft Defender SmartScreen bug CVE-2024-21412 has been a significant delivery mechanism for Lumma, as well as for other malware such as the ACR and Meduza Stealers. Lumma uses a DLL side-loading technique for execution, further enhancing its stealth. In some instances, Lumma was delivered over Latrodectus C2, command-and-control infrastructure used by cybercriminals.

Lumma's stealthy approach and advanced capabilities have made it one of the most common infostealers in the world today; it ranked as the sixth most prevalent malware in the wild, according to a report by Red Canary. Despite appearing as a legitimate tool or harmless download, Lumma can deliver further malware such as ransomware, posing serious security threats. Bitdefender warns of Lumma's danger, particularly its ability to remain undetected while harvesting data from infected devices.
Description last updated: 2024-10-03T22:16:56.175Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias (votes): Description
Lumma Stealer (11 votes): Lumma Stealer is a possible alias for Lumma. Lumma Stealer is a potent infostealer malware variant, notorious for its extensive data harvesting capabilities. It is designed to extract sensitive information such as passwords, card details, browser session cookies, and cryptocurrency wallets from infected devices. The malware employs sophisticat
Stealc (3 votes): Stealc is a possible alias for Lumma. StealC is a pernicious malware that specifically targets browser extensions and authenticators by password managers. It came to the forefront following a significant attack on the Solana blockchain in 2023, which resulted in a $7 million heist due to a related malware called Luca Stealer. The StealC
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer
Youtube
Payload
Maas
Android
Trojan
Cybercrime
Phishing
Exploit
Infostealer ...
Google
Windows
Loader
Dropper
Github
Malware Loader
Fortiguard
Telegram
Sandbox
Bot
Chrome
Associated Malware
Alias (association type, votes): Description
Redline (Unspecified, 4 votes): The Redline Malware is associated with Lumma. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, RedLine can steal personal information, disrupt operations, or deliver further
Amos (Unspecified, 2 votes): The Amos Malware is associated with Lumma. AMOS is a sophisticated malware variant specifically targeting macOS users, with the ability to steal sensitive information such as passwords, personal files, and cryptocurrency wallet details. This malicious software has been linked to the ClearFake campaign, which has been spreading the AMOS infor