How Lumma Stealer sneaks into organizations
Essential information
- Published
- 21/04/2025 17:31
- Modified
- 21/04/2025 22:51
- Tags
- 2025-04-21 anti-analysis autoit cryptocurrency theft fake captcha information stealer lumma stealer obfuscation powershell
- Related entities
- 15 observables, 1 intrusion sets (apt), 6 techniques (mitre), 1 malware, 4 others
Description
Lumma Stealer, a sophisticated information-stealing malware, has gained prominence in cybercriminal circles since 2022. It employs various distribution methods, with fake CAPTCHA pages being a notable vector. These pages mimic legitimate services and trick users into executing malicious commands. The malware uses complex infection chains involving PowerShell scripts, JavaScript, and AutoIt components to evade detection. Once installed, Lumma Stealer targets a wide range of sensitive data, including cryptocurrency wallets, browser credentials, and financial information. The malware's stealthy execution and anti-analysis techniques make it a significant threat to both individuals and organizations.