Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure
Essential information
- Published: 17/02/2025 11:06
- Modified: 17/02/2025 11:23
- Tags: 2025-02-17, educational institutions, information-stealing, lnk files, lumma stealer, maas, multi-stage infection, pdf-themed, phishing, steam profiles
- Related entities
- 24 observables, 17 techniques (mitre), 1 malware, 7 others
Description
An ongoing malware campaign is distributing Lumma Stealer, an information-stealing malware sold as Malware-as-a-Service (MaaS), through malicious Windows shortcut (LNK) files disguised as PDF documents. The lures are hosted on the compromised infrastructure of educational institutions, so the download URLs carry a trusted-looking domain. Because Windows Explorer never displays the .lnk extension, even when file extensions are otherwise shown, a shortcut named like a PDF and carrying a PDF viewer's icon is indistinguishable from a real document at a glance. When the victim opens the shortcut, it starts a multi-stage infection chain that ends with Lumma Stealer running on the machine. Victims span several sectors, including education, finance, healthcare, and technology. The malware uses evasion techniques such as abusing Steam community profiles as dead-drop resolvers that point to its command-and-control infrastructure, which lets the operators rotate C2 without rebuilding the payload. Once running, it steals credentials, browser data (cookies, saved logins, autofill), and cryptocurrency wallet details. Defenders should treat document-named LNK files arriving from the web as hostile, inspect the shortcut's real target and arguments rather than its icon, and pair user awareness with controls that block or alert on shortcuts that launch script interpreters.
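The core of the lure is a shortcut whose displayed name and icon say "PDF" while its target says "script interpreter". The following script, an added example that is not part of the original report or any vendor tooling, parses the MS-SHLLINK header and StringData of a .lnk file and applies the heuristics a triage analyst would check: a document-lookalike double extension, a borrowed document-viewer icon, a LOLBin target, encoded or in-memory execution, a remote URL, and a hidden or minimised window. The two sample shortcuts are built inside the script and are constructed placeholders, not captures from this campaign; the interpreter list and heuristic strings are assumptions, not indicators published by the page.

```python
"""Static triage of Windows .lnk files that masquerade as PDFs.

Parses the ShellLinkHeader and StringData sections of the MS-SHLLINK format
(fixed 76-byte header; optional IDList and LinkInfo are skipped by their
declared sizes) and flags the traits a PDF-themed LNK lure typically shows.
Every sample below is constructed here; none is a capture from the campaign.
"""
import struct
from dataclasses import dataclass

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

SW_SHOWMINNOACTIVE = 7  # ShowCommand that keeps the spawned console out of view

# Heuristic list of interpreters/LOLBins a shortcut-based loader tends to reach (assumption).
INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32", "msiexec", "certutil", "bitsadmin", "curl")
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")


@dataclass
class ShellLink:
    flags: int
    show_command: int
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def parse_lnk(data: bytes) -> ShellLink:
    """Parse header + StringData; raise ValueError if this is not a Shell Link."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (bad HeaderSize or LinkCLSID)")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    link = ShellLink(flags=flags, show_command=show_command)
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (u16) followed by the IDList itself
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (u32) covers the whole structure
        off += struct.unpack_from("<I", data, off)[0]
    # StringData order is fixed by the spec: NAME, RELATIVE_PATH, WORKING_DIR, ARGUMENTS, ICON_LOCATION.
    for flag, attr in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]  # CountCharacters, no terminator
        off += 2
        if flags & IS_UNICODE:
            setattr(link, attr, data[off:off + 2 * count].decode("utf-16-le"))
            off += 2 * count
        else:
            setattr(link, attr, data[off:off + count].decode("cp1252"))
            off += count
    return link


def triage(filename: str, link: ShellLink) -> list:
    """Return the lure traits found; an empty list means nothing suspicious."""
    findings = []
    stem = filename.lower()
    if stem.endswith(".lnk") and stem[:-4].endswith(DOC_EXTENSIONS):
        findings.append("document-lookalike double extension")
    if any(tok in link.icon_location.lower() for tok in ("acro", "pdf", "word", "excel")):
        findings.append("icon borrowed from a document viewer")
    target = (link.relative_path + " " + link.arguments).lower()
    if any(lolbin in target for lolbin in INTERPRETERS):
        findings.append("target is a script interpreter or LOLBin")
    if any(tok in target for tok in ("-enc", "encodedcommand", "frombase64", "iex", "invoke-expression")):
        findings.append("encoded or in-memory command execution")
    if "http://" in target or "https://" in target:
        findings.append("command line references a remote URL")
    if link.show_command == SW_SHOWMINNOACTIVE or "hidden" in target:
        findings.append("window hidden or minimised")
    return findings


def build_lnk(relative_path="", arguments="", working_dir="", icon_location="",
              show_command=1) -> bytes:
    """Assemble a minimal Unicode Shell Link for the constructed samples below."""
    flags = IS_UNICODE | HAS_LINK_TARGET_ID_LIST
    strings = []
    for flag, value in ((HAS_RELATIVE_PATH, relative_path), (HAS_WORKING_DIR, working_dir),
                        (HAS_ARGUMENTS, arguments), (HAS_ICON_LOCATION, icon_location)):
        if value:
            flags |= flag
            strings.append(struct.pack("<H", len(value)) + value.encode("utf-16-le"))
    # flags, FileAttributes, 3x FILETIME, FileSize, IconIndex, ShowCommand, HotKey, Reserved1-3
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack(
        "<IIqqqIIIHHII", flags, 0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    id_list = struct.pack("<H", 2) + b"\x00\x00"  # empty IDList: size 2, only the terminator
    return header + id_list + b"".join(strings)


# Constructed lure: named like a PDF, iconed like Acrobat, actually launches a hidden PowerShell.
LURE_NAME = "Enrollment_Form_2025.pdf.lnk"
LURE = build_lnk(
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    arguments='-w hidden -nop -c "<stage-two placeholder, not a real command>"',
    working_dir=r"%TEMP%",
    icon_location=r"%ProgramFiles%\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
    show_command=SW_SHOWMINNOACTIVE,
)
# Constructed benign shortcut pointing at an actual document.
BENIGN_NAME = "Syllabus.lnk"
BENIGN = build_lnk(relative_path=r"..\Documents\Syllabus.pdf", show_command=1)

if __name__ == "__main__":
    for fname, blob in ((LURE_NAME, LURE), (BENIGN_NAME, BENIGN)):
        link = parse_lnk(blob)
        print(f"{fname}: target={link.relative_path!r} args={link.arguments!r}")
        for finding in triage(fname, link):
            print("  !", finding)
```

Run it against a quarantined sample with `parse_lnk(open(path, "rb").read())`; the header check rejects a real PDF immediately, and the StringData fields show the true target and command line that the icon hides. The heuristics are deliberately coarse substring matches suited to triage, so treat a hit as a reason to detonate or inspect further, not as a verdict on its own.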