Lumma Stealer

Malware updated a month ago (2024-11-29T14:31:44.496Z)
Download STIX
Preview STIX
Lumma Stealer is a potent malware designed to exfiltrate information from compromised systems, including system details, web browsers, and browser extensions. The malware was primarily delivered to victims through websites hosting cracked games, specifically targeting gamers. In July 2024, it was discovered that the more than 250 million estimated players of the game "Hamster Kombat" were targeted and lured into downloading Lumma Stealer by multiple simultaneous scams. By leveraging legitimate software and utilizing deceptive delivery methods, Lumma Stealer presents a persistent challenge for security teams. The malicious PowerShell script that initiated the Lumma Stealer infection downloaded and executed an archive with the malware. The Command and Control (C&C) servers associated with Lumma Stealer were active in April, May, and June 2024, indicating an ongoing campaign. Lumma Stealer was installed on Windows machines, while Atomic Stealer (AMOS) was used on Macs. A unique loader, FakeBat, has been used to drop follow-up payloads such as Lumma Stealer. In October 2024, Check Point Research highlighted a significant rise in infostealer malware, with Lumma Stealer dominating the list of prevalent threats. Researchers from various companies reported this campaign in August and September. According to Sarah Jones, a cyber-threat intelligence research analyst at Critical Start, protecting against ongoing Lumma Stealer threats requires close collaboration between threat intelligence, security operations centers (SOCs), and incident-response teams. Continuous monitoring, adaptation, and regular updating of detection rules, indicators of compromise, and security controls are crucial given the rapid evolution of threats like Lumma Stealer.
Description last updated: 2024-11-21T10:34:24.554Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Lumma is a possible alias for Lumma Stealer. Lumma is a malicious software (malware) that has been causing significant security concerns due to its ability to steal sensitive information. The malware was delivered to victims primarily through websites hosting cracked games, specifically targeting gamers. In August and September, researchers re
11
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Payload
Youtube
Windows
Infostealer
Exploit
Downloader
Android
Phishing
Telegram
Bot
Infostealer ...
Credentials
PowerShell
Trojan
Infostealers
Chrome
Rat
Vulnerability
Browser Exte...
Fortiguard
Sandbox
Maas
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Redline Malware is associated with Lumma Stealer. RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage forUnspecified
4
The Redline Stealer Malware is associated with Lumma Stealer. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects sUnspecified
3
The Magecart Malware is associated with Lumma Stealer. Magecart is a form of malware that targets e-commerce platforms by injecting malicious code to steal customer data. The malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations and steal personal informatUnspecified
2
The Vidar Malware is associated with Lumma Stealer. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malwUnspecified
2
The Rhadamanthys Malware is associated with Lumma Stealer. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tactUnspecified
2
The Mozi Malware is associated with Lumma Stealer. Mozi, a malicious software (malware), has been a significant force in the cyber threat landscape. This malware, known for exploiting outdated and vulnerable Internet of Things (IoT) devices, was responsible for 74% of all IoT attacks in 2021. The Mozi botnet, infamous for hijacking hundreds of thousUnspecified
2
The Netsupport Malware is associated with Lumma Stealer. NetSupport is a legitimate remote access software that has been repurposed as malware by various cybercriminal groups. It has been observed in several high-profile cyber-attacks, including the Royal ransomware attack and operations conducted by former ITG23 members. The malware can infiltrate systemUnspecified
2
The Netsupport Rat Malware is associated with Lumma Stealer. NetSupport RAT is a malicious software (malware) that poses a significant threat to organizational safety. The malware, which can be spread through suspicious downloads, emails, or websites, infiltrates systems without detection and has the potential to steal personal information, disrupt operationsUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The FIN7 Threat Actor is associated with Lumma Stealer. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
2
Source Document References
Information about the Lumma Stealer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
a month ago
Checkpoint
a month ago
Malwarebytes
a month ago
Securelist
2 months ago
Malwarebytes
a month ago
DARKReading
2 months ago
DARKReading
2 months ago
DARKReading
3 months ago
BankInfoSecurity
3 months ago
InfoSecurity-magazine
3 months ago
InfoSecurity-magazine
3 months ago
Krebs on Security
3 months ago
InfoSecurity-magazine
4 months ago
CrowdStrike
4 months ago
DARKReading
5 months ago
DARKReading
5 months ago
DARKReading
5 months ago
DARKReading
5 months ago
ESET
5 months ago
Trend Micro
5 months ago