Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to use fake CAPTCHA verification pages to deliver its payload. The malware abuses legitimate software and relies on multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, process hollowing, and the abuse of built-in Windows tools such as mshta.exe. Lumma Stealer targets sensitive data, including passwords, browser data, and cryptocurrency wallet details. The campaign analysis traces the malware's deceptive methods from initial infection through data exfiltration. The threat actors use Content Delivery Networks (CDNs) for payload delivery and command-and-control (C2) servers for data exfiltration.

OPENCTI LABELS:

fileless, powershell, process hollowing, data exfiltration, cryptocurrency, lumma stealer, information-stealing, maas, fake captcha
