Info Stealer

Lumma Stealer

First seen: 2022 • Status: active

Currently Active Threat

Lumma is a password-stealing service that criminals can rent; it is updated continuously so that it can capture the newest types of login information.

Overview

Lumma is a Malware-as-a-Service information stealer sold on underground forums. It steals browser data, cryptocurrency wallets, and data from 2FA browser extensions, and its operators ship updates continuously.

Also Known As

LummaC2, Lumma

How It Spreads

  • Malvertising
  • Fake CAPTCHA pages
  • Cracked software
  • YouTube descriptions

What It Does

  • Browser credential theft
  • Crypto wallet extraction
  • 2FA token theft
  • Session cookie stealing
  • Password manager targeting


Target Platforms

Windows

Detection Tips

  • Monitor network traffic for Lumma C2 communication patterns
  • Check for unexpected access to browser credential and cookie stores
  • Look for clipboard-monitoring behaviour by unknown processes
  • Review access to cryptocurrency wallet files and extensions

MITRE ATT&CK Techniques

T1555 (Credentials from Password Stores), T1539 (Steal Web Session Cookie), T1528 (Steal Application Access Token), T1005 (Data from Local System), T1189 (Drive-by Compromise)

If You're Infected

  1. Remove Lumma from affected systems
  2. Revoke all sessions and tokens
  3. Reset all passwords
  4. Move crypto assets to new wallets

Related Malware

Redline, Raccoon, Vidar

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required