FAKE TELEGRAM PREMIUM SITE DISTRIBUTES NEW LUMMA STEALER VARIANT
Essential information
- Published
- 03/08/2025 04:27
- Modified
- 04/08/2025 09:18
- Tags
- 2025-08-03 brand impersonation credential-theft drive-by-download infostealer lumma stealer telegram premium windows
- Related entities
- 15 techniques (mitre), 1 malware
Description
A malicious campaign using the domain 'telegrampremium[.]app' is distributing a new variant of Lumma Stealer malware. The fake site mimics the official Telegram Premium platform and automatically downloads an executable file 'start.exe' upon access. This sophisticated information-stealing trojan can exfiltrate browser credentials, cryptocurrency wallet details, and system information. The malware employs various techniques for persistence, defense evasion, and data theft, including file system manipulation, registry modification, and clipboard operations. The campaign highlights the ongoing use of brand impersonation and social engineering for large-scale malware distribution, emphasizing the need for robust security measures and user awareness.