Lummac2 Stealer

Malware updated 5 months ago (2024-05-05T11:17:46.413Z)
LummaC2 Stealer is a prominent malware family that has been used increasingly for initial access and information stealing over the past year. Delivered through suspicious downloads, emails, or websites, it is designed to compromise computers and devices by stealing personal information, disrupting operations, or holding data hostage for ransom. LummaC2 Stealer has been detected alongside other new malware families such as SVCReady, CargoBay, Matanbuchus, Pikabot, Aresloader, Vidar, and Minodo, indicating its rising prevalence. Its prominence is particularly notable in cryptocurrency theft: detections of malware built specifically to steal cryptocurrency from users' wallets, known as cryptostealers, surged 68% from H1 to H2 2023, according to the ESET Threat Report. LummaC2 Stealer, also known as Lumma Stealer, is one of the most popular of these, targeting digital wallets, user credentials, and even two-factor authentication (2FA) browser extensions. Recent updates to LummaC2 Stealer have also introduced a novel trigonometry-based anti-sandbox technique, which makes the malware wait until "human" behavior is detected on the infected machine before it begins its disruptive activity. These updates were observed in files named "phoneoutsourcing.exe", associated with the RisePro stealer, and "647887023.png", both of which lead to infection with LummaC2 Stealer. The evolution of LummaC2 Stealer's tactics underscores the continuing threat it poses and the importance of maintaining robust cybersecurity measures.
Description last updated: 2024-05-05T10:22:04.108Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be relevant.
Alias | Description | Votes
Lummac2 | Lummac2 is a possible alias for Lummac2 Stealer. LummaC2 is a dynamic malware strain, first identified in Russian-speaking forums in 2022. It's written in C and distributed as Malware-as-a-Service (MaaS). The malware has been actively exploiting PowerShell commands to infiltrate systems and exfiltrate sensitive data. In 2023, LummaC2's use expande | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the Lummac2 Stealer malware was read from the document corpus below. This display is limited to 20 results.