Lumma Stealer Malware Thrives as Unique Patterns Uncovered in the Infostealer's Domain Clusters
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Recent research reveals that Lumma Stealer command-and-control domain clusters share specific technical characteristics, which makes it possible to map entire infrastructure clusters. The infostealer's logs are being shared for free on Leaky[.]pro, a new hacking forum, which offers billions of stolen credential records. There is an alarming increase in malware spread via malicious YouTube links and infected files disguised within videos, comments, or descriptions. Lumma Stealer infections typically enable more extensive attacks, including ransomware deployment and espionage operations. The malware targets multiple Windows versions and steals sensitive information such as login credentials, browser data, chat logs, and cryptocurrency wallet details. Distribution methods include malvertising on popular search engines and malspam with harmful attachments. Threat actors register clusters of 10-20 domains at a time; some are used immediately while others age for up to two weeks.
OPENCTI LABELS:
infostealer,malvertising,credential theft,youtube,lumma stealer,malspam,sectoprat,c2 infrastructure,domain clusters