Deceptive Cracked Software Spreads Lumma Variant on YouTube [Tuesday, January 09, 2024]


Description:
Lumma Stealer targets sensitive information, including user credentials, system details, browser data, and extensions. It has been advertised on the dark web and a Telegram channel since 2022, with over a dozen observed command-and-control (C2) servers in the wild and multiple updates. Figure 1 shows Lumma Stealer's C2 server telemetry, illustrating a global presence with a peak observed in December.

Published: 2024-01-09 21:47:23
Created: 2024-01-09 21:47:23
Modified: 2024-01-09 21:53:00

Indicators

About the author
Julien B.

Securitricks
