216.73.216.133

AI-Assisted Lure Factory Targets Developers & Gamers

· Published 08/05/2026 11:31 · Modified 11/05/2026 10:26

Essential information

Published
08/05/2026 11:31
Modified
11/05/2026 10:26
Tags
2026-05-08 ai-generated lures credential-theft github infostealer luajit lummastealer prometheus obfuscator redline troyden two-component payload
Related entities
9 observables, 1 intrusion set (APT), 3 malware, 1 other

Description

A large-scale malware campaign tracked as 's Lure Factory has been identified distributing -based infostealers through over 300 delivery packages hosted on . The operation uses AI-generated lure names incorporating obscure biological taxonomy and medical terminology to target developers, gamers, Roblox players, and crypto users. The malware employs a two-component design with a renamed runtime and encrypted Lua payload that evades sandbox detection through anti-analysis checks and extreme sleep delays. Upon execution, it disables proxy detection, captures desktop screenshots, performs geolocation, and exfiltrates data to C2 servers in Frankfurt. The infrastructure demonstrates scalability with multiple IP addresses serving identical encrypted commands, while maintaining simultaneous campaigns across gaming cheats, developer tools, phone trackers, and VPN crackers.

External references