Lumma

Malware updated 2 days ago (2024-09-05T14:18:12.800Z)
Lumma is malware known for being hard to detect. It primarily targets cryptocurrency wallets, two-factor authentication browser extensions, and other sensitive information on a victim's device. Lumma operates by exploiting vulnerabilities in systems, such as the Microsoft Defender SmartScreen bug CVE-2024-21412, to deliver harmful payloads such as the Lumma Infostealer. Once executed, this component exfiltrates sensitive data, including cryptocurrency wallet files, browser data, and password manager databases. Lumma Stealer communicates with its Command & Control (C&C) server over HTTP and uses process hollowing, a technique that lets it hide its activity inside legitimate processes.

Unit 42 observed Lumma being delivered through a sophisticated infection chain in which a Lumma executable file (EXE) was transmitted over Latrodectus C2, a known command and control server. The malware was part of a new wave of threats that included not only information stealers such as Lumma C2 and Vidar but also backdoors/downloaders such as Aresloader and Canyon; some of these were acquired from FIN7 developers, including Minodo and Diceloader.

According to a report published by Red Canary last month, Lumma ranked as the sixth most prevalent malware in the wild, tied with the popular SocGholish and the ubiquitous Cobalt Strike. Despite its prevalence, Lumma's stealthy operation and advanced anti-sandbox methods make it a particularly insidious strain of malware. To download its payload, Lumma Stealer uses FTP, further complicating detection efforts. Ultimately, Lumma Stealer exfiltrates the victim's data to its C&C server, demonstrating the high level of threat it poses to users' sensitive information.
Description last updated: 2024-09-05T13:18:44.210Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Lumma Stealer | 11 | Lumma Stealer is a potent and elusive malware that targets sensitive information on victims' devices, including cryptocurrency wallets and two-factor authentication browser extensions. This malicious software infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to th
Stealc | 2 | StealC is a prominent malware that specifically targets browser extensions and password managers. It rose to infamy following an attack on the Solana blockchain in 2023, which resulted in a $7 million heist. This heist was orchestrated using Luca Stealer, another malware that targets crypto wallets
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer
Youtube
Maas
Android
Payload
Google
Cybercrime
Loader
Phishing
Trojan
Exploit
Infostealer ...
Dropper
Chrome
Bot
Windows
Malware Loader
Fortiguard
Telegram
Sandbox
Github
Associated Malware
ID | Type | Votes | Profile Description
Redline | Unspecified | 4 | RedLine is a notorious malware that has been widely used by cybercriminals to steal sensitive information. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can cause significant damage by stealing personal data or disrupting operations. RedLine's conf
Amos | Unspecified | 2 | AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot
Source Document References
Information about the Lumma malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
InfoSecurity-magazine | 2 days ago | Would-Be OnlyFans Hackers Targeted With Infostealer
DARKReading | 16 days ago | Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Checkpoint | a month ago | 5th August – Threat Intelligence Report - Check Point Research
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
ESET | a month ago | The tap-estry of threats targeting Hamster Kombat players
Fortinet | 2 months ago | Dark Web Shows Cybercriminals Ready for Olympics. Are You? | FortiGuard Labs
DARKReading | 3 months ago | Cut & Paste Tactics Import Malware to Unwitting Victims
InfoSecurity-magazine | 3 months ago | Threat Actor Breaches Snowflake Customers, Victims Extorted
BankInfoSecurity | 3 months ago | Snowflake Hacking Spree Puts At Risk 165 Organizations
Pulsedive | 3 months ago | Pulsedive Blog | Latrodectus Threat Research
Securityaffairs | 3 months ago | Fake AV websites used to distribute info-stealer malware
DARKReading | 3 months ago | AI Voice Generator App Used to Drop Gipy Malware
Securityaffairs | 4 months ago | Cybercriminals are targeting elections in India with influence campaigns
DARKReading | 4 months ago | YouTube Becomes Latest Battlefront for Phishing, Deepfakes
Securityaffairs | 4 months ago | GitCaught campaign relies on Github and Filezilla to deliver multiple malware
InfoSecurity-magazine | 4 months ago | Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
InfoSecurity-magazine | 4 months ago | Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk
InfoSecurity-magazine | 5 months ago | Byakugan Infostealer Capabilities Revealed
InfoSecurity-magazine | 5 months ago | Famous YouTube Channels Hacked to Distribute Infostealers