The Lumma Stealer InfoStealer: The Details

The information stealers ecosystem continues to expand as we witness the ongoing maintenance and new capabilities in the latest stealers versions. 2023 was a good year for InfoStealers as they keep evolving along with exploiting the popular vulnerabilities from the last years to infiltrate targeted devices.

InfoStealer malware has become increasingly widespread, new business models are being introduced and new detection evasion capabilities are being implemented. Lumma Stealer was initially identified in August 2022 and is currently trending.

Lumma Stealer is specifically crafted to illicitly obtain sensitive data from compromised devices. This encompasses an array of information such as private browser data, browser extensions, configuration details for crypto wallet software, wallet contents, and even employing a grabber function to seize entire files based on specified patterns.

The malware is available for purchase through dark web forums, and the official lumma shop, which evidence shows is facilitated by the threat actor “Shamel”. Its pricing structure includes a standard version at $140 per month and an extended version at $160 per month.

Regarded as a potent menace for crypto users, Lumma Stealer targets web browsers, cryptocurrency wallets, 2FA extensions, and instant messaging services like Telegram to extract valuable data. The malware also boasts the capacity to introduce supplementary malware and execute additional commands using its Loader module.

Traced back to its initial identification in August 2022, Lumma Stealer has undergone subsequent updates and improvements. Engineered to elude detection, it poses a challenge when attempting to uncover and eradicate its presence from a compromised system.

Lumma Stealer Delivery Methods

Lumma Stealer can spread through various methods:

• Drive-by downloads, which sneakily install the malware when users visit compromised websites or click on harmful links
• Online scams, where fake software updates or antivirus programs trick users into unknowingly installing Lumma Stealer
• Spam emails and messages, where cybercriminals use attachments or links to put the malware on victims’ devices
• Bundled downloads, where Lumma Stealer is hidden within other software installs, like free or pirated apps, without users realizing it.

Lumma Stealer Impact

Lumma Stealer can have a significant negative impact on the security and privacy of affected systems. Based on available information, its potential consequences are as follows:

• The malware is designed to secretly steal sensitive data from compromised devices, including cookies, browsing histories, and typed keystrokes, which it then sends to a remote server. This stolen information can encompass personal details, login credentials, financial particulars, and other sensitive data.
• Once Lumma Stealer infiltrates a system, it can jeopardize overall security by creating backdoors, disabling protective software, and allowing unauthorized access to the system.
• It specifically targets cryptocurrency-related information, like wallets and authentication extensions, which could result in financial loss for users involved in cryptocurrencies.
• The theft of sensitive data can also lead to privacy breaches, exposing personal information and logins and potentially causing identity theft and unauthorized account access.
• Moreover, if Lumma Stealer compromises an organization’s systems and compromised sensitive client information, it can severely damage its reputation. This loss of trust may lead to reduced business and credibility.

Learn About Cyberint Threat Intelligence

To learn more about how our threat intelligence research helps protect businesses against ransomware and other risks, request a demo.

Lumma Stealer TTPs

A Sample of 50 Lumma Stealer IOCs