This analysis reveals the complex operations of Lumma affiliates within a vast information-stealing ecosystem. Affiliates utilize various tools and services, including proxy networks, VPNs, anti-detect browsers, and crypting services. The investigation uncovered previously undocumented tools and showed that affiliates often run multiple schemes simultaneously, such as rental scams, while also using other infostealers like Vidar, Stealc, and Meduza Stealer. Lumma affiliates are deeply integrated into the cybercriminal ecosystem, leveraging underground forums for resources, marketplaces, and operational support. The analysis highlights the resilience of Lumma's infrastructure and the challenges in disrupting such decentralized cybercriminal networks.