The Fake Google Security Alert That Can Drain Your Passwords: Inside the ClickFix Cyberattack Sweeping the Web A sophisticated cyberattack campaign uses fake Google security verification pages to t...
#CybersecurityUpdate #ClickFix #attack #fake #Google […]
[Original post on webpronews.com]
Once-hobbled #LummaStealer is back with lures that are hard to resist
arstechnica.com/security/2026/02/once-ho...
#malware #Castleloader #Lumma #cybersecurity
Once-hobbled Lumma Stealer is back with lures that are hard to resist https://arstechni.ca #castleloader #infostealer #Security #clickfix #malware #Biz&IT #lumma
A screenshot of my blog post for the Lumma Stealer infection
Traffic from the Lumma Stealer infection filtered in Wireshark.
2026-01-01 (Thursday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the #Lumma #Stealer files, and a list of IOCs are available at www.malware-traffic-analysis.net/2026/01/01/i...
Screenshot of my blog post to share information on this Lumma Stealer infection with follow-up malware.
2025-12-30 (Tuesday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the associated #Lumma with follow-up #malware samples, and some IOCs are available at www.malware-traffic-analysis.net/2025/12/30/i...
Blow in and clear blend in a repaired Range Rover Lumma CLR RS.
##iwata ##axalta ##fyp #spraypainting ##spraypainter #lumma ##rangerover
And in a turn of events, a rival group (presumably an infostealer one) attacks and exposes the identities and details of #Lumma's members, with information as sensitive as bank details or passport numbers. This comes on top of the compromise of the Telegram accounts of the […]
Compromised YouTube Accounts Used to Distribute Infostealer Malware More than 3,000 malicious YouTube videos were used to distribute infostealer malware, according to a new report detailing the ope...
#Cyber #News #Firewall #Daily #infostealer #Lumma […]
[Original post on thecyberexpress.com]
Check Point Research uncovers the YouTube Ghost Network: 3,000 malicious videos spread malware such as Rhadamanthys and Lumma through fake tutorials and software cracks.
#CheckPointResearch #GhostNetwork #INFOSTEALER #Lumma #Rhadamanthys #Youtube
www.matricedigitale.it/2025/10/23/y...
'Ghost' network on YouTube: thousands of videos with malware removed by Google
#Adobe #criptomoedas #Github #google #Lumma #malware #phishing #Photoshop #Roblox #segurança #servidores #software #tutoriais #youtube
Hackers use blockchain to distribute malware that steals data on Windows and macOS
#armazenamento #ataque #blockchain #browser #detetado #engenhariasocial #google #hackers #javascript #Lumma #macos #malware #payload #proxy #sem #servidor #software #windows #WordPress
~Elastic~
Elastic details its nightMARE library for malware analysis, demonstrating C2 extraction from Lumma Stealer.
-
IOCs: mocadia. com, mastwin. in, ordinarniyvrach. ru
-
#Lumma #MalwareAnalysis #ThreatIntel
#CyberNews
🚨 The #ClickFix attack, which aims to distribute the #Lumma infostealer, has now reached Italy as well, with one interesting feature:
▪️ the payload sits inside the #blockchain, in a smart contract controlled by the criminals;
It is making its way through vulnerable WordPress installations on high-traffic sites ⬇️
🚨 #ThreatIntel: Operators of #Lumma Stealer warn that their former contacts (@lummanowork / @lummaseller128) are no longer valid — accounts deleted & usernames hijacked.
#infosec
Malicious WhiteCobra VSCode Extensions Deploy Lumma Stealer
Researchers uncovered that at least 24 malicious VS Code extensions were published on the Visual Studio Marketplace and Open VSX Registry, delivering Lumma stealer to Windows and macOS machines. Read more: getnews.me/malicious-whitecobra-vsc... #vscode #lumma
WhiteCobra infiltrates 24 VSCode and Cursor extensions with LummaStealer, stealing crypto and secrets. The campaign, the zak.eth case and technical defenses.
#Cursor #Lumma #LummaStealer #OpenVSX #VSCode #WhiteCobra
www.matricedigitale.it/2025/09/15/w...
August 2025 Detection Highlights: 9 New VTIs, 20+ YARA Rules, and More Advanced Malware Insights The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware d...
#detection #updates #CryptBot #lumma #phishing #Rhaamanthys #StealC #v2
The downloaded file is always named “fix.zip”, which contains “x86_64-w64-ranlib.exe” and “msvcp140.dll”. If the executable is run, it launches #Lumma via “msbuild.exe”.
🚨 Lumma Stealer resurfaces on the dark web.
🕊 Update 30.08:
1️⃣ App-based upload support
2️⃣ Enhanced cleaning for Win10/11 + Cloud
#infosec #threatintel #lumma
This first-of-its-kind analysis from @julianferdinand.bsky.social
highlighted a plethora of enabling services used by #Lumma affiliates to conduct their operations, including bulletproof hosting services such as anonrdp, which operates in plain sight.
🔎 A day in the life of a #Lumma malware operator... this is a must-read! 💪
Screenshot of a Facebook post that linked to a page providing the password-protected 7-zip archive for Lumma Stealer. The archive is named "NCH Debut Video Capture Software Pro 11.2 Beta Crack full version.7z" in an attempt to disguise it as a software crack.
Extracting a malicious Windows executable file that will install Lumma Stealer from the password-protected 7-zip archive. The extracted file is named "NCH Debut Video Capture Software Pro 11.2 Beta Crack full version.exe" in an attempt to disguise it as a software crack.
Traffic from the Lumma Stealer infection after running "NCH Debut Video Capture Software Pro 11.2 Beta Crack full version.exe" on a vulnerable Windows host. Note the unusual DNS query for iUlWkftUnbTjqPSDLGsNPpSG.iUlWkftUnbTjqPSDLGsNPpSG that happened before the HTTPS Lumma Stealer C2 traffic to secrequ[.]top.
Files seen from the Lumma Stealer infection in the user's AppData\Local\Temp directory. The .a3x file for Lumma Stealer wasn't on the disk when I conducted forensic analysis on the infected host. Note that the file names and file extension (.midi) will be different if I try the same type of infection run again tomorrow.
2025-08-13 (Wednesday): #LummaStealer infection. The associated #malware, artifacts, a #pcap of the #Lumma Stealer traffic, and indicators of compromise are available at www.malware-traffic-analysis.net/2025/08/13/i...
2025-08-01 (Friday): Some info on a #LummaStealer example I found today:
github.com/malware-traf...
#Lumma
Seems like quite some internal systems were infected by InfoStealers.
Quite the irony given the fact that #infostealer like #Lumma, #RedLine, #Raccoon, #Vidar are Russian developed and operated #CybercrimeAsaService platforms.
#BREAKING #ESETresearch can confirm the news of #Lumma Stealer's revival. ESET telemetry and botnet tracking show that operators are rebuilding their infrastructure, with their renewed activity reaching similar levels to those before the #disruption in May 2025. 1/6
Lumma Stealer Malware Returns After Takedown Attempt The Lumma Stealer is back after Microsoft and law enforcement took action to significantly disrupt the malware’s infrastructure. The post Lumm...
#Malware #& #Threats #Lumma #Stealer #malware #Resurge #return #takedown
Lumma infostealer malware returns after law enforcement disruption The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of... @cosmicmeta.ai #Lumma
https://u2m.io/uQpyZtnD