216.73.216.86

FAKE TELEGRAM PREMIUM SITE DISTRIBUTES NEW LUMMA STEALER VARIANT

· Published 03/08/2025 04:27 · Modified 04/08/2025 09:18

Export JSON

Essential information

Published
03/08/2025 04:27
Modified
04/08/2025 09:18
Tags
2025-08-03 brand impersonation credential-theft drive-by-download infostealer lumma stealer telegram premium windows
Related entities
15 techniques (mitre), 1 malware

Description

A malicious campaign using the domain 'telegrampremium[.]app' is distributing a new variant of malware. The fake site mimics the official platform and automatically downloads an executable file 'start.exe' upon access. This sophisticated information-stealing trojan can exfiltrate browser credentials, cryptocurrency wallet details, and system information. The malware employs various techniques for persistence, defense evasion, and data theft, including file system manipulation, registry modification, and clipboard operations. The campaign highlights the ongoing use of and social engineering for large-scale malware distribution, emphasizing the need for robust security measures and user awareness.

External references