LummaStealer dropped via fake updates from itch.io and Patreon
Essential information
- Published: 08/12/2025 17:25
- Modified: 21/12/2025 18:49
- Tags: 2025-12-08 anti-analysis fake updates indie games itch.io javascript obfuscation lummastealer nexe patreon
- Related entities: 5 observables, 11 techniques (mitre), 1 malware, 1 others
Description
A malicious campaign targeting indie game platforms like itch.io and Patreon has been discovered. Attackers are using newly created accounts to spam comments on legitimate games, claiming to offer game updates through Patreon links. These links lead to downloads containing LummaStealer malware. The malware uses multiple anti-analysis techniques, including checks for virtual machines, specific usernames, and processes associated with malware analysis. The payload is delivered through a nexe-compiled JavaScript file, which drops and loads a DLL containing the LummaStealer variant. Despite efforts to remove malicious accounts, new ones continue to appear, indicating an ongoing campaign.