Lumma Stealer

Malware Profile Updated 15 days ago
Lumma Stealer is malicious software (malware) that targets computer systems with the intent to exploit and damage them; it focuses primarily on stealing cryptocurrency wallets and browser user data. The latest version, observed in our recent investigation, performs multiple DNS lookups for domains previously associated with this malware, whereas earlier iterations retrieved a .ENC file, illustrating its continued evolution. According to an ESET Threat Report, detections of malware designed to steal cryptocurrency surged 68% from H1 to H2 2023, with Lumma Stealer among the most popular.

The Lumma Stealer infection was first identified on October 11, 2023. The malware has been linked to TA547, a financially motivated threat actor active since November 2017. TA547 has been observed delivering a variety of Android and Windows malware, including Lumma Stealer, which targets digital wallets, user credentials, and even two-factor authentication (2FA) browser extensions. The group also operates as an initial access broker (IAB) targeting various geographic regions. Multiple security vendors have detected infostealer malware, including Vidar, StealC, and Lumma Stealer, delivered via their platform.

Threat actors have also started using YouTube channels to distribute a variant of Lumma Stealer: several channels were compromised to spread the information stealer through videos purporting to share cracked versions of legitimate software. This strategy has increased the reach and impact of Lumma Stealer and underlines the need for heightened vigilance and robust cybersecurity measures among internet users.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Lumma | 8 | Lumma is a type of malware, specifically an information stealer, known for its sophisticated tactics in cyber threats, including the exploitation of the undocumented Google OAuth2 MultiLogin endpoint. In late November 2023, BleepingComputer reported on Lumma's ability to restore expired Google authe
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Android
Youtube
Loader
Phishing
Bot
Infostealer
Chrome
Trojan
Exploit
Rat
Vulnerability
Payload
Fortiguard
Associated Malware
ID | Type | Votes | Profile Description
Magecart | Unspecified | 2 | Magecart is a consortium of malicious hacker groups known for targeting online shopping cart systems, such as the Magento system, with the aim of stealing customer payment card information. This malware, short for malicious software, infiltrates systems through suspicious downloads, emails, or websi
Mozi | Unspecified | 2 | Mozi is a type of malware, a malicious software designed to exploit and damage computer systems or devices. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, Mozi has the potential to steal personal information, disrupt oper
NetSupport RAT | Unspecified | 2 | NetSupport RAT is a type of malware that can significantly compromise an organization's digital security. Originally derived from the legitimate NetSupport Manager, a remote technical support tool, this malware infects systems through suspicious downloads, emails, or websites, often unbeknownst to t
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Lumma Stealer malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 5 months ago | Crypto drainers spread via hijacked Netgear, Hyundai X accounts
InfoSecurity-magazine | 5 months ago | H2 2023 Threat Landscape Dominated by AI and Android Spyware
CERT-EU | 5 months ago | Info-Stealing Malware Now Includes Google Session Hijacking
CERT-EU | 5 months ago | Cyber Security Week In Review: January 12, 2024
BankInfoSecurity | 5 months ago | Microsoft Disables Abused Application Installation Protocol
CERT-EU | 5 months ago | ESET Threat Report H2 2023
CERT-EU | 6 months ago | LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
CERT-EU | 8 months ago | A cryptor, a stealer and a banking trojan - Cyber Security Review
CERT-EU | 5 months ago | Microsoft disables online Windows App Installer after attackers abuse it | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 5 months ago | New Rugmi Malware Loader Surges with Hundreds of Daily Detections – GIXtools
CERT-EU | 5 months ago | Active PikaBot loader malware deployment in spam campaigns reported
CERT-EU | 5 months ago | Google Responds to Session Token Malware That Can Hijack Your Accounts
ESET | a month ago | Bitcoin scams, hacks and heists – and how to avoid them
CERT-EU | 8 months ago | Kaspersky crimeware report: ASMCrypt, Lumma and Zanubis
DARKReading | 5 months ago | Beware Weaponized YouTube Channels Spreading Lumma Stealer
CERT-EU | 4 months ago | YouTube Crypto Con: Scammers Rake in $600K with Deepfakes and QR Codes
CERT-EU | 6 months ago | ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
CERT-EU | 5 months ago | Financially motivated threat actors misusing App Installer | Microsoft Security Blog
CERT-EU | 5 months ago | YouTube Channels Hacked to Spread Lumma Stealer via Cracked Software | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting