
Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

An ongoing malware campaign is distributing Lumma Stealer, an information-stealing malware, through malicious LNK files disguised as PDF documents. The campaign exploits compromised educational institutions' infrastructure to host these files. When executed, the LNK files initiate a multi-stage infection process, ultimately deploying Lumma Stealer on the victim's machine. The malware targets various industries, including education, finance, healthcare, and technology. It employs sophisticated evasion techniques, such as using Steam profiles for command-and-control operations. The campaign highlights the importance of user awareness and robust security measures to protect against this Malware-as-a-Service (MaaS) threat that steals sensitive data like passwords, browser information, and cryptocurrency wallet details.

OPENCTI LABELS:

phishing, lumma stealer, lnk files, information stealing, maas, multi-stage infection, steam profiles, educational institutions, pdf-themed

