LummaC2 Malware and Malicious Chrome Extension Delivered
Essential information
- Published: 09/09/2024 09:34
- Modified: 09/09/2024 09:52
- Tags: 2024-09-09 browser control credentials crypto extension lummac2 malware remote stealer
- Related entities: 7 observables, 1 technique (MITRE), 1 malware
Description
In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving the LummaC2 stealer and a malicious Google Chrome browser extension. The attack used DLL side-loading to execute a loader that delivered the stealer together with a PowerShell script that installed the extension. The extension manipulated browser activity, stole data such as credentials and cryptocurrency wallets, and enabled remote control of infected systems. The infection chain showed evasive tactics and the ability to dynamically alter web content, underscoring the importance of robust endpoint security, security awareness training, and secure software configurations.