
FAKE TELEGRAM PREMIUM SITE DISTRIBUTES NEW LUMMA STEALER VARIANT

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

A campaign hosted on the domain 'telegrampremium[.]app' is distributing a new variant of the Lumma Stealer information stealer. The site imitates the official Telegram Premium page and, as soon as it is opened, automatically serves an executable named 'start.exe' to the visitor (a drive-by download). Once running, the stealer harvests browser credentials, cryptocurrency wallet data and system information and exfiltrates them. The sample relies on file system manipulation, registry modification and clipboard access for persistence, defence evasion and data theft. The campaign is another instance of brand impersonation and social engineering being used for large-scale malware distribution; blocking the domain and alerting on executable downloads from look-alike sites are the practical controls, alongside user awareness.
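As an added example (not part of the OpenCTI report), the two indicators the report gives, the defanged domain and the dropped file name, can be turned into a small retro-hunt over proxy logs. The log format and the sample lines below are constructed for the demonstration and are an assumption; only the domain and 'start.exe' come from the report. The hunt flags both the look-alike domain (including subdomains) and the drive-by download itself (an executable content type served under the dropped file name), so a hit from a different host for the same file name still surfaces for review.

```python
"""Retro-hunt for the telegrampremium[.]app drive-by in proxy logs.

Added example, not code from the OpenCTI report. Indicators (domain and
dropped file name) are taken from the report; the log format and the
sample lines are constructed for this demo.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators from the report, written defanged as the report writes them.
DEFANGED_DOMAIN = "telegrampremium[.]app"
DROPPED_FILE = "start.exe"

# Content types under which a Windows PE is typically served.
EXE_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/octet-stream",
    "application/vnd.microsoft.portable-executable",
}


def refang(ioc: str) -> str:
    """Turn the defanged form ('[.]', 'hxxp') back into a matchable string."""
    return (ioc.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


BAD_DOMAIN = refang(DEFANGED_DOMAIN)

# Constructed proxy-log layout (assumption, not a real product's format):
# "<timestamp> <client_ip> <method> <url> <status> <content_type>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<ctype>\S+)$"
)


def host_matches(host: str, bad: str) -> bool:
    """True for the indicator domain itself and any subdomain of it."""
    host = host.lower().rstrip(".")
    return host == bad or host.endswith("." + bad)


def classify(line: str) -> Optional[dict]:
    """Return a finding for a line that touches the indicators, else None.

    Two independent signals:
      - ioc_domain:   request host is the fake Telegram Premium domain
                      (or a subdomain such as www. or cdn.);
      - exe_download: URL path ends in the dropped file name and the
                      response carries an executable content type, i.e.
                      the drive-by download itself.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["url"])
    host = parts.hostname or ""
    reasons = []
    if host_matches(host, BAD_DOMAIN):
        reasons.append("ioc_domain")
    basename = parts.path.rsplit("/", 1)[-1].lower()
    if basename == DROPPED_FILE and m["ctype"].lower() in EXE_TYPES:
        reasons.append("exe_download")
    if not reasons:
        return None
    return {"ts": m["ts"], "client": m["client"], "host": host,
            "url": m["url"], "reasons": reasons}


def hunt(log_text: str) -> list:
    """Run classify() over every line and return the findings in order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


# Constructed sample lines: one benign Telegram visit, the fake site and its
# start.exe drop, a subdomain asset fetch, a start.exe from another host,
# and a near-miss file name that must not match.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET https://telegram.org/premium 200 text/html
2024-01-01T10:00:07Z 10.0.0.5 GET https://telegrampremium.app/ 200 text/html
2024-01-01T10:00:08Z 10.0.0.5 GET https://telegrampremium.app/start.exe 200 application/x-msdownload
2024-01-01T10:00:09Z 10.0.0.5 GET https://cdn.telegrampremium.app/img/logo.png 200 image/png
2024-01-01T10:01:00Z 10.0.0.9 GET https://example.com/downloads/start.exe 200 application/octet-stream
2024-01-01T10:02:00Z 10.0.0.9 GET https://example.com/start.exe.html 200 text/html
"""

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding["ts"], finding["client"], finding["host"], ",".join(finding["reasons"]))
```

The subdomain match matters because a drive-by page usually pulls assets from hosts like cdn. or www. under the same registered domain; an exact-string match on the defanged indicator would miss those. The file-name signal is deliberately kept separate so that a generic 'start.exe' download elsewhere is surfaced as a lower-confidence lead rather than silently dropped.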

OPENCTI LABELS :

infostealer,windows,credential theft,lumma stealer,drive-by download,brand impersonation,telegram premium



