#lumma — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #lumma, aggregated by home.social.
-
2026-01-01 (Thursday): #LummaStealer infection with follow-up malware.
A #pcap of the infection traffic, the #Lumma #Stealer files, and a list of IOCs are available at https://www.malware-traffic-analysis.net/2026/01/01/index.html
Lumma Stealer C2 domain: offenms[.]cyou
The follow-up malware is using memory-scanner[.]cc for its C2 traffic, just like I saw on 2025-12-30. But this follow-up malware also used another C2 domain: communicationfirewall-security[.]cc
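A small hunt over DNS logs for the three C2 domains listed in this post, as an added example (it is not part of the malware-traffic-analysis.net post, and the DNS log lines below are constructed for illustration): it refangs the `[.]`-style indicators and matches them as exact hosts or subdomains, so a look-alike name that merely contains the indicator does not fire.

```python
"""Refang defanged indicators and hunt for them in DNS query logs.
Added example, not part of the original post; the log lines are constructed."""
import re

# Indicators copied from the post above, in their defanged form.
DEFANGED_IOCS = [
    "offenms[.]cyou",
    "memory-scanner[.]cc",
    "communicationfirewall-security[.]cc",
]


def refang(ioc: str) -> str:
    """Undo common defanging: hxxp -> http, [://] -> ://, [.] (.) {.} [dot] -> ."""
    s = ioc.strip().lower()
    s = re.sub(r"^hxxp", "http", s)
    s = s.replace("[://]", "://").replace("[:]//", "://")
    s = re.sub(r"[\[\(\{]\.[\]\)\}]", ".", s)
    s = re.sub(r"\s*[\[\(]dot[\]\)]\s*", ".", s)
    return s


def hostname(ioc: str) -> str:
    """Reduce a refanged URL or bare domain to its hostname."""
    s = refang(ioc)
    s = re.sub(r"^[a-z]+://", "", s)
    return s.split("/", 1)[0].split(":", 1)[0]


def matches(qname: str, ioc_host: str) -> bool:
    """Exact match or a subdomain of the indicator; a plain substring hit is not enough."""
    q = qname.lower().rstrip(".")
    return q == ioc_host or q.endswith("." + ioc_host)


# Constructed DNS query log lines: timestamp, client, qtype, qname.
SAMPLE_DNS_LOG = """\
2026-01-01T14:02:11Z 10.1.5.23 A www.microsoft.com
2026-01-01T14:02:40Z 10.1.5.23 A offenms.cyou
2026-01-01T14:03:02Z 10.1.5.23 A cdn.memory-scanner.cc
2026-01-01T14:03:05Z 10.1.5.42 A example.com
2026-01-01T14:05:19Z 10.1.5.23 A communicationfirewall-security.cc
2026-01-01T14:05:20Z 10.1.5.23 A notcommunicationfirewall-security.cc
"""


def hunt(log_text: str, defanged_iocs):
    """Return (client, qname, matched_ioc) for every log line that hits an indicator."""
    hosts = [hostname(i) for i in defanged_iocs]
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash mid-hunt
        client, qname = parts[1], parts[3]
        for h in hosts:
            if matches(qname, h):
                hits.append((client, qname, h))
                break
    return hits


if __name__ == "__main__":
    for client, qname, ioc in hunt(SAMPLE_DNS_LOG, DEFANGED_IOCS):
        print(f"{client} queried {qname} (matches IOC {ioc})")
```

The last constructed log line is deliberately a look-alike (`notcommunicationfirewall-security.cc`); a naive substring search would flag it, the subdomain-aware check does not. Replace `SAMPLE_DNS_LOG` with your resolver's query log export to run it against real traffic.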
-
2025-12-30 (Tuesday): #LummaStealer infection with follow-up malware.
A #pcap of the infection traffic, the associated #Lumma with follow-up #malware samples, and some IOCs are available at www.malware-traffic-analysis.net/2025/12/30/index.html
I don't know what the follow-up malware is, but unlike Lumma Stealer, the follow-up malware was made persistent.
Big thanks to VirusTotal on this, because I was able to grab VirusTotal's CAPE Sandbox analysis of the Lumma Stealer sample, and it shows the URLs from the HTTPS traffic that I can't get in my lab.
If anyone knows what the follow-up malware is, please share that info!
-
Vidar Stealer 2.0 Boosts Infostealer’s Credential Theft and Evasion Capabilities https://thecyberexpress.com/vidar-stealer-2-0-infostealer/ #TheCyberExpressNews #ThreatIntelligence #CredentialAttacks #LummaInfostealer #VidarInfostealer #TheCyberExpress #FirewallDaily #infostealer #cybercrime #CyberNews #Lumma #Vidar
-
Hackers use blockchain to distribute data-stealing malware on Windows and macOS
🔗 https://tugatech.com.pt/t73114-hackers-usam-blockchain-para-distribuir-malware-que-rouba-dados-em-windows-e-macos #armazenamento #ataque #blockchain #browser #detetado #engenhariasocial #google #hackers #javascript #Lumma #macos #malware #payload #proxy #sem #servidor #software #windows #WordPress
-
Behind the Curtain: How Lumma Affiliates Operate
#Lumma #GhostSocks #AnonRDP #BulletproofHosting #HostCay #OnlineSIM #SMS_Activate #Zadarma
https://www.recordedfuture.com/research/behind-the-curtain-how-lumma-affiliates-operate
-
Scammers Compromised by Own Malware, Expose $4.67M Operation https://hackread.com/scammers-compromised-by-malware-expose-operation/ #Cybersecurity #Infostealer #CyberCrime #CloudSEK #Pakistan #Malware #Privacy #Piracy #Lumma #AMOS #Scam
-
Scammers Compromised by Own Malware, Expose $4.67M Operation – Source:hackread.com https://ciso2ciso.com/scammers-compromised-by-own-malware-expose-4-67m-operation-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Infostealer #CyberCrime #CloudSEK #Hackread #Pakistan #malware #privacy #Piracy #Lumma #AMOS #Scam
-
GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine – Source:hackread.com https://ciso2ciso.com/github-abused-to-spread-amadey-lumma-and-redline-infostealers-in-ukraine-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #CyberAttack #SmokeLoader #Emmenhtal #AsyncRAT #Hackread #security #malware #Redline #Ukraine #Amadey #GitHub #Python #Lumma
-
GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine https://hackread.com/github-abused-amadey-lumma-redline-infostealers-ukraine/ #Cybersecurity #CyberAttacks #CyberAttack #SmokeLoader #Emmenhtal #Security #AsyncRAT #Malware #Redline #Ukraine #Amadey #GitHub #Python #Lumma
-
2025-07-15 (Tuesday): #LummaStealer infection with #SecTopRAT.
A #pcap of the #Lumma traffic and #SecTop #RAT activity, the #malware/artifacts from an infection, and the associated IOCs are available at https://www.malware-traffic-analysis.net/2025/07/15/index.html
-
Leaked Shellter Elite Tool Now Fueling Infostealer Attacks Worldwide https://hackread.com/leaked-shellter-elite-tool-infostealer-attacks-worldwide/ #Cybersecurity #ShellterElite #CyberAttacks #ArechClient2 #Rhadamanthys #CyberAttack #Infostealer #CyberCrime #Security #security #Lumma
-
Leaked Shellter Elite Tool Now Fueling Infostealer Attacks Worldwide – Source:hackread.com https://ciso2ciso.com/leaked-shellter-elite-tool-now-fueling-infostealer-attacks-worldwide-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #ShellterElite #ArechClient2 #CyberAttacks #Rhadamanthys #CyberAttack #Infostealer #CyberCrime #Hackread #security #Lumma
-
Lumma Stealer – Tracking distribution channels – Source: securelist.com https://ciso2ciso.com/lumma-stealer-tracking-distribution-channels-source-securelist-com/ #rssfeedpostgeneratorecho #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #Cryptocurrencies #IncidentResponse #Windowsmalware #securelistcom #Trojanstealer #Infostealers #Malvertizing #TIandIRposts #Phishing #Telegram #CAPTCHA #Malware #Trojan #Lumma #SOC
-
The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via a #FakeCaptcha attack.
The compromised web file is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
-
#ClearFake / #ClickFix is back, directly infecting legitimate but vulnerable websites and ultimately delivering #Lumma / #LummaStealer
-
We were thrilled when Guardio reached out to us about malvertising domains they were seeing, we love cross-industry collaboration! Their recent report covering a malicious, fake captcha advertising campaign delivering Lumma malware can be found here https://labs.guard.io/deceptionads-fake-captcha-driving-infostealer-infections-and-a-glimpse-to-the-dark-side-of-0c516f4dc0b6.
#threatintel #dns #cybersecurity #InfobloxThreatIntel #Infoblox #cybercrime #infosec #tds #omnatuor #vaneviper #malware #lumma #infostealer
-
Hello again, FakeBat: popular loader returns after months-long hiatus https://www.malwarebytes.com/blog/cybercrime/2024/11/hello-again-fakebat-popular-loader-returns-after-months-long-hiatus #malvertising #Cybercrime #GoogleAds #fakebat #lummaC2 #malware #lumma
-
CapLoader wasn’t designed as an alternative to a traditional NIDS, but the Alerts tab often gives a VERY good overview of the malicious traffic. Here’s a screenshot of CapLoader’s alerts for some recent PCAP files from malware-traffic-analysis.net.
#Lumma #GootLoader #AgentTesla #RURAT #Remcos #RedLine #BackConnect
-
New LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Data https://hackread.com/lummac2-malware-variant-powershell-obfuscation-steal-data/ #Cybersecurity #Security #security #Malware #LummaC2 #Lumma
-
Internet Shortcut file security-bypass vulnerability exploited for over a year, attackers use it to distribute several infostealers | iThome
📌 Summary:
Microsoft patched the Internet Shortcut file security feature bypass vulnerability CVE-2024-21412 in its February update this year, but attackers have been exploiting it to distribute multiple infostealers, with targets in North America, Spain and Thailand. Security vendor Fortinet found in its analysis that the attackers craft malicious URL files pointing to a specific remote server, which download an LNK file onto the victim's machine and lure the victim into running it to advance the attack. Researchers observed the attackers using two different code-injection tools to evade defenses, ultimately planting infostealers on the victim's machine.
🎯 Key Points:
1. Microsoft patched the Internet Shortcut file security feature bypass vulnerability CVE-2024-21412 in February this year, but attackers are exploiting it to distribute infostealers.
2. Security vendor Fortinet found that attackers craft malicious URL files pointing to a specific remote server and lure victims into executing them to advance the attack.
3. Researchers saw the attackers use two code-injection tools, ultimately planting infostealers on victims' machines.
4. Fortinet found that the attackers use the Steam Community site as a Dead Drop Resolver to hide the C2 source.
🔖 Keywords:
#CVE-2024-21412
#Fortinet
#Water Hydra
#Lumma Stealer
#Meduza Stealer
#ACR Stealer
#PowerShell
#HTA script
#Edge main executable icon
#LNK file
#forfiles
#mshta
#Imghippo
#GdipBitmapGetPixel
#HijackLoader
#Steam Community site
#Dead Drop Resolver
#Docker
#AuthZ
#OpenAI
#GPT-4o mini
#Meta Llama 3
-
A #SexToy marketed under "Spencer’s #Sexology #Pussy Power 8-Function Rechargeable Bullet #Vibrator" was infected with #Lumma #malware
http://bit.ly/4bToNPh
#LummaC2 Stealer is an information stealer that has been distributed as Malware-as-a-Service (#MaaS) since around August 2022 and is coded by #Shamel
#Lumma targets #CryptoCurrency wallets
as #internet browser extensions
and with #2FA (two-factor authentication)
-
📬 Fake ChatGPT apps distribute malware for Android and Windows
#KünstlicheIntelligenz #Malware #Android #Aurora #ChatGPT #ChatGPTApps #ChatGPTPlus #GooglePlayStore #Infostealer #Lumma #RedLine #windows https://tarnkappe.info/artikel/malware/fake-chatgpt-apps-verteilen-malware-fuer-android-und-windows-265876.html