LummaC2 Stealer is an information stealer whose use, both as an initial-access foothold and for credential and data theft, has grown markedly over the past year. It typically reaches victims through malicious downloads, phishing emails, or look-alike and compromised websites, and once running it harvests personal information, stored credentials and other data from the host; unlike ransomware, it does not encrypt data or hold it for ransom. LummaC2 Stealer has been observed alongside other recently emerged malware families such as SVCReady, CargoBay, Matanbuchus, Pikabot, Aresloader, Vidar, and Minodo, which points to its growing prevalence.
The malware is particularly prominent in cryptocurrency theft. Detections of cryptostealers, malware built specifically to empty users' cryptocurrency wallets, rose 68% from H1 to H2 2023 according to the ESET Threat Report. LummaC2 Stealer, also known as Lumma Stealer, is one of the most widely used of these, targeting digital wallets, user credentials, and even browser extensions used for two-factor authentication (2FA).
Recent LummaC2 builds also add a trigonometry-based anti-sandbox check: the malware samples the mouse cursor position over a short window and, from the angles between successive movement vectors, decides whether the motion looks like a human's. Until it sees such "human" movement it stalls, so an automated sandbox that leaves the cursor idle or teleports it between points never reaches the payload stage. The updated build was observed in samples named "phoneoutsourcing.exe" (associated with the RisePro stealer) and "647887023.png", both of which led to LummaC2 Stealer infections. This continued refinement of its evasion tactics underscores the threat the stealer poses and the need for robust defensive measures.
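The check described above, as an added illustration that is not the malware's code nor part of the original page: a Python reconstruction of the cursor-angle test run over constructed cursor traces. The parameter values (five samples, 300 ms apart, a 45-degree turn threshold) are taken from public analysis of the sample and are treated here as assumptions; the cursor reader is injected so the code runs offline, where a Windows implementation would call GetCursorPos.

```python
"""Reconstruction of the cursor-trigonometry anti-sandbox check attributed to
LummaC2, run over constructed cursor traces.  Parameter values below are
assumptions drawn from public analysis; the code itself is illustrative and
is not the malware's."""
import math
import time
from typing import Callable, List, Optional, Tuple

Point = Tuple[int, int]

SAMPLE_COUNT = 5            # assumption: cursor positions captured per round
SAMPLE_INTERVAL_S = 0.3     # assumption: 300 ms between captures
MAX_TURN_ANGLE_DEG = 45.0   # assumption: any sharper turn => "not human"


def collect_samples(read_cursor: Callable[[], Point],
                    count: int = SAMPLE_COUNT,
                    interval_s: float = SAMPLE_INTERVAL_S,
                    sleep: Callable[[float], None] = time.sleep) -> List[Point]:
    """Poll the cursor `count` times, `interval_s` apart.

    On Windows `read_cursor` would wrap GetCursorPos via ctypes; here it is
    injected so the check can be exercised against a canned trace.
    """
    samples = [read_cursor()]
    for _ in range(count - 1):
        sleep(interval_s)
        samples.append(read_cursor())
    return samples


def turn_angles(points: List[Point]) -> List[Optional[float]]:
    """Angle in degrees between each pair of consecutive movement vectors.

    A None entry means one of the two vectors had zero length, i.e. the
    cursor did not move between two captures (an idle sandbox).
    """
    vectors = [(bx - ax, by - ay)
               for (ax, ay), (bx, by) in zip(points, points[1:])]
    angles: List[Optional[float]] = []
    for (x1, y1), (x2, y2) in zip(vectors, vectors[1:]):
        n1, n2 = math.hypot(x1, y1), math.hypot(x2, y2)
        if n1 == 0 or n2 == 0:
            angles.append(None)
            continue
        cos = max(-1.0, min(1.0, (x1 * x2 + y1 * y2) / (n1 * n2)))
        angles.append(math.degrees(math.acos(cos)))
    return angles


def looks_human(points: List[Point],
                max_turn_deg: float = MAX_TURN_ANGLE_DEG) -> bool:
    """True if the trace passes: the cursor moved at every step and never
    turned more sharply than `max_turn_deg` between consecutive samples.
    A failing trace is what makes the malware stall instead of unpacking."""
    if len(points) < SAMPLE_COUNT:
        return False
    angles = turn_angles(points[:SAMPLE_COUNT])
    return all(a is not None and a <= max_turn_deg for a in angles)


# Constructed traces for demonstration (not captured data).
HUMAN_TRACE: List[Point] = [(100, 100), (120, 110), (140, 122), (160, 136), (180, 152)]
STRAIGHT_TRACE: List[Point] = [(0, 0), (10, 0), (20, 0), (30, 0), (40, 0)]
FROZEN_TRACE: List[Point] = [(300, 300)] * 5
JUMPY_TRACE: List[Point] = [(100, 100), (500, 300), (120, 480), (700, 90), (50, 50)]

if __name__ == "__main__":
    for name, trace in [("human", HUMAN_TRACE), ("straight", STRAIGHT_TRACE),
                        ("frozen", FROZEN_TRACE), ("jumpy", JUMPY_TRACE)]:
        print(f"{name:8s} angles={turn_angles(trace)} human={looks_human(trace)}")
```

Two practical consequences follow from the traces. An idle cursor (all samples equal) and a sandbox that teleports the pointer between random screen positions both fail, so the payload never runs under such automation; but a perfectly straight scripted move passes, so a sandbox that emulates a smooth cursor path defeats the check. An analyst single-stepping the sample in a VM should expect it to spin in this loop until the mouse is moved or the comparison is patched out.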
Description last updated: 2024-05-05T10:22:04.108Z