Screenshot of the page from my blog with the traffic, malware files, and indicators of compromise for this Lumma Stealer infection.
Downloading the initial zip archive for this malware.
Extracting the malware EXE from the nested archive files.
Traffic from an infection filtered in Wireshark.
2025-09-24 (Wednesday): #LummaStealer infection with follow-up malware, possibly #Ghostsocks or #GoBackdoor. A #pcap of the infection traffic, malware samples, and list of indicators available at www.malware-traffic-analysis.net/2025/09/24/i...