Back to Business: Lumma Stealer Returns with Stealthier Methods

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Lumma Stealer, an information-stealing malware, has resurfaced shortly after its takedown in May 2025. The cybercriminals behind it are now employing more covert tactics and expanding their reach. The malware is being distributed through discreet channels and uses stealthier evasion techniques. Lumma Stealer can steal sensitive data such as credentials and private files, and is marketed as malware-as-a-service. Users are lured into downloading it through fake cracked software, deceptive websites, and social media posts. The malware's infrastructure has been diversified, with a shift toward Russian-based cloud services. Recent campaigns include fake crack downloads, ClickFix campaigns using fake CAPTCHA pages, GitHub repository abuse, and social media promotions.

OPENCTI LABELS:

social engineering, information stealer, lumma stealer, infrastructure, malware-as-a-service, evasion tactics, cracked software, github abuse


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


Back to Business: Lumma Stealer Returns with Stealthier Methods