Back to Business: Lumma Stealer Returns with Stealthier Methods
Essential information
- Published
- 23/07/2025 07:57
- Modified
- 23/07/2025 09:32
- Tags
- 2025-07-23 cracked software evasion tactics github abuse information stealer infrastructure lumma stealer malware-as-a-service social engineering
- Related entities
- 52 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware, 1 others
Description
Lumma Stealer, an information-stealing malware, has resurfaced shortly after its takedown in May 2025. The cybercriminals behind it are now employing more covert tactics and expanding their reach. The malware is being distributed through discreet channels and uses stealthier evasion techniques. Lumma Stealer can steal sensitive data such as credentials and private files, and is marketed as a malware-as-a-service. Users are lured to download it through fake cracked software, deceptive websites, and social media posts. The malware's infrastructure has been diversified, with a shift towards using Russian-based cloud services. Recent campaigns include fake crack downloads, ClickFix campaigns using fake CAPTCHA pages, GitHub repository abuse, and social media promotions.