Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

Published 14/11/2025 02:36 · Modified 14/11/2025 11:49

Essential information

Tags
2025-11-14 browser fingerprinting command and control cybercriminal activity data exfiltration evasion techniques ghostsocks infostealer lumma stealer process injection
Related entities
3 observables, 1 intrusion sets (apt), 10 techniques (mitre), 2 malware

Description

Trend Research observed a resurgence in Lumma Stealer activity since October 20, 2025, accompanied by new behaviors and C&C techniques. The malware now employs browser fingerprinting as part of its command-and-control tactics, collecting and exfiltrating system, network, hardware, and browser data using JavaScript payloads and stealthy HTTP communications. These new behaviors enable Lumma Stealer to maintain operational continuity, assess victim environments, and evade detection. The malware continues to use techniques and maintains its core C&C communication structure while incorporating new fingerprinting capabilities. This hybrid approach serves multiple strategic purposes, including enhanced evasion, improved targeting, and detection avoidance.

External references