CyberSecurityBoard
Sponsor Register Login

Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques

“The variations we saw in Lumma Stealer behavior are significant to defenders,” noted the Sophos Managed Detection and Response team in their report, emphasizing that these delivery techniques could easily be adapted for other malware beyond Lumma Stealer. Lumma Stealer, a notorious information-stealing malware active since mid-2022, has significantly evolved its tactics, techniques, and procedures in recent months. The malware employs sophisticated obfuscation techniques, including the use of initialization vectors and complex decryption routines, to evade traditional security measures. What makes Lumma particularly dangerous is its sophisticated delivery techniques, which have recently expanded to include social engineering through fake CAPTCHA challenges and deceptive download prompts. In this attack chain, victims visiting malicious sites are presented with a standard “I’m not a robot” verification prompt, creating a false sense of security and legitimacy. North Korean-linked advanced persistent threat (APT) group Kimsuky has deployed sophisticated new phishing tactics and malware payloads in targeted attacks observed in March 2025. Sophos researchers identified multiple Lumma Stealer campaigns during fall and winter 2024-25, documenting how the malware’s tactics have evolved to evade detection. The script retrieves additional malware components from command-and-control servers, ultimately downloading, extracting, and executing the core Lumma Stealer payload. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. These methods exploit user trust in familiar security verification processes, tricking victims into executing malicious commands on their own systems. Believed to originate from Russian-speaking cybercriminals, this malware continues to be distributed as a Malware-as-a-Service (MaaS) offering, with its developers providing regular updates and support via Telegram channels and a dedicated Gitbook site. The malware primarily targets valuable user data including passwords, session tokens, cryptocurrency wallets, and personal information from compromised devices. Security experts recommend implementing robust endpoint protection solutions with behavioral analysis capabilities, as signature-based detection alone proves inadequate against these evolving threats. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Once active, this malware systematically accesses browser data, as evidenced in Figure 6 where Autolt3.exe can be seen accessing login data and cookies from Chrome.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 12 May 2025 15:30:09 +0000


Cyber News related to Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques

Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques - “The variations we saw in Lumma Stealer behavior are significant to defenders,” noted the Sophos Managed Detection and Response team in their report, emphasizing that these delivery techniques could easily be adapted for other malware ...
1 month ago Cybersecuritynews.com Kimsuky
Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
1 year ago Feeds.fortinet.com
Lumma malware can allegedly restore expired Google auth cookies - The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing ...
1 year ago Bleepingcomputer.com
How To Implementing MITRE ATT&CK In SOC Workflows - A Step-by-Step Guide - By understanding the framework, mapping your current capabilities, developing targeted detection and response strategies, and integrating ATT&CK into your tools and processes, you can build a proactive, threat-informed defense that evolves ...
2 months ago Cybersecuritynews.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
1 year ago Techrepublic.com
Beware Weaponized YouTube Channels Spreading Lumma Stealer - Attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary ...
1 year ago Darkreading.com
Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions - Security analysts at Cloudsek noted that the malware employs advanced evasion techniques like obfuscated scripts and encrypted communications with Command-and-Control (C2) servers. This sophisticated campaign exploits malicious LNK (shortcut) files ...
4 months ago Cybersecuritynews.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Lumma Stealer Exploits Fake CAPTCHA Pages to Harvest Sensitive Data - Organizations should implement robust endpoint protection solutions and user awareness training to mitigate the risk posed by this increasingly prevalent threat, as even corporate environments have fallen victim to Lumma Stealer infections that may ...
2 months ago Cybersecuritynews.com
Operation RusticWeb Using PowerShell Commands to filtrate Doc - Hackers use PowerShell commands because they provide a powerful scripting environment on Windows systems, allowing them to stealthily execute malicious scripts and commands called Operation RusticWeb. The PowerShell's capabilities make it an ...
1 year ago Gbhackers.com
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition - Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced ...
8 months ago Thehackernews.com
'Ov3r Stealer' Malware Spreads Through Facebook to Steal Crates of Info - The malware by design exfiltrates specific types of data such as geolocation, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information, according ...
1 year ago Darkreading.com
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2023-42793 BianLian
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
Facebook ads push new Ov3r Stealer password-stealing malware - A new password-stealing malware named Ov3r Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. The fake job ads are for management positions and lead users to a Discord URL where a ...
1 year ago Bleepingcomputer.com
New Rhadamanthys stealer version enhances features, evasion - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human's Satori Threat Intelligence Team said it has uncovered the new build of ...
1 year ago Infosecurity-magazine.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
2 months ago Cybersecuritynews.com
New KoiLoader Abuses Powershell Scripts to Deliver Malicious Payload - Cyber Security News - This updated strain employs PowerShell scripts embedded within Windows shortcut (LNK) files to bypass traditional detection mechanisms, demonstrating a concerning evolution in attack methodologies. eSentire’s Threat Response Unit (TRU) first ...
2 months ago Cybersecuritynews.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
Lumma Stealer Launch "Click Fix" Style Attack via Fake Google Meet & Windows Update Sites - The “click fix” distribution method involves malicious web pages that display instructions for users to open a run window, paste a preloaded PowerShell script from their clipboard, and execute it. Recent Palo Alto research investigations ...
3 months ago Cybersecuritynews.com
New Germlin Stealer Advertised on Hacker Forums Steals Credit Card Data & Login Credentials - Cyber Security News - For credit card data theft, Gremlin Stealer employs specialized functions that target stored payment information across multiple browsers. First spotted being advertised on underground forums and Telegram channels, Gremlin Stealer represents a ...
1 month ago Cybersecuritynews.com
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
2 months ago Cybersecuritynews.com
Chihuahua Stealer Leverages Google Drive Document to Steal Browser Login Credentials - A newly discovered .NET-based infostealer dubbed “Chihuahua Stealer” has emerged as a significant threat, exploiting Google Drive documents to deliver malicious PowerShell scripts and steal sensitive data. Organizations are advised to ...
1 month ago Cybersecuritynews.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
2 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)