Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Trend Micro's Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub. The attackers abused GitHub's release infrastructure to deliver several malware families, including SectopRAT, Vidar, and Cobeacon. The campaign used compromised websites to redirect victims to malicious payloads hosted on GitHub. The malware exfiltrated sensitive data, connected to C&C servers, and employed evasion techniques. The tactics resemble those of the Stargazer Goblin group, which is known for using compromised websites and GitHub for payload distribution. The attack chain involved multiple stages: initial access through GitHub, execution of the malware, and subsequent deployment of additional tools. The campaign highlights the evolving distribution methods of Lumma Stealer and the importance of proactive security measures.
OPENCTI LABELS:
lumma stealer,information stealing