Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA
Essential information
- Published
- 21/10/2024 15:16
- Modified
- 21/10/2024 16:24
- Tags
- 2024-10-21 cryptocurrency data exfiltration fake captcha fileless information-stealing lumma stealer maas powershell process-hollowing
- Related entities
- 23 observables, 1 intrusion sets (apt), 10 techniques (mitre), 1 malware
Description
Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to employ fake CAPTCHA verification for payload delivery. The malware exploits legitimate software and uses multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, process hollowing, and the abuse of Windows tools like mshta.exe. Lumma Stealer targets sensitive data, including passwords, browser information, and cryptocurrency wallet details. The campaign analysis reveals the malware's deceptive methods, from initial infection to data exfiltration. The threat actors utilize Content Delivery Networks for payload delivery and command and control servers for data exfiltration.