Lumma Stealer Via Fake Cracked Software Steals Login Credentials and Private Files - Cyber Security News

Within weeks of the takedown, telemetry again lit up with fresh command-and-control (C2) beacons, revealing that the information-stealing malware had swapped overt marketplace promotion for quieter channels while expanding its victim base.

In its new incarnation, Lumma is most often packaged inside counterfeit installers for sought-after software, luring users who search for “cracks,” “keygens,” or game cheats into downloading the Trojan instead of the promised free tool. If a visitor's hardware, locale, and security controls look profitable, the site serves a password-protected ZIP containing an innocuous-looking executable or PowerShell script engineered to bootstrap Lumma Stealer, all while evading casual inspection.

Trend Micro analysts also identified a parallel push on GitHub and social platforms: automatically generated repositories advertise “HWID spoofers” or “Photoshop 2025 full crack,” yet the only release asset is the Lumma payload. Trend Micro researchers noted that June and July telemetry showed a rebound to pre-takedown volumes of targeted accounts, underlining both the malware’s resilience and the scale of users still hunting for pirated apps.

Victims are told to press Win + R and run a single-line PowerShell command, unwittingly spawning an in-memory loader that performs an XOR decrypt of an embedded .NET assembly—Lumma itself—then calls its entry point without ever touching the filesystem.

The consequences are severe: once executed, Lumma harvests browser cookies, crypto-wallet files, and cloud-storage session tokens, then exfiltrates them via an encrypted C2 channel. Corporate accounts protected by multifactor authentication are not immune; stolen cookies often bypass login prompts, giving intruders immediate access to email, collaboration portals, or source-code repositories.

Security teams must combine user education about pirated software with behavioral telemetry that flags suspicious child-process creation and outbound TLS beacons to unfamiliar domains if they hope to close the window that Lumma Stealer so deftly exploits.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience in cyber security, he covers cyber security news, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Jul 2025 20:55:08 +0000


Cyber News related to Lumma Stealer Via Fake Cracked Software Steals Login Credentials and Private Files - Cyber Security News

Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
1 year ago Feeds.fortinet.com
Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques - “The variations we saw in Lumma Stealer behavior are significant to defenders,” noted the Sophos Managed Detection and Response team in their report, emphasizing that these delivery techniques could easily be adapted for other malware ...
6 months ago Cybersecuritynews.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
1 year ago Techrepublic.com
Lumma malware can allegedly restore expired Google auth cookies - The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing ...
1 year ago Bleepingcomputer.com
Lumma Infostealer Steal All Data Stored in Browsers and Selling Them in Underground Markets as Logs - Upon extraction, victims encounter a Nullsoft Scriptable Install System (NSIS) installer, typically named setup.exe or set-up.exe, which executes the Lumma payload packed with the CypherIT crypter—a tool designed to obfuscate malware signatures and ...
3 months ago Cybersecuritynews.com
Lumma Stealer Exploits Fake CAPTCHA Pages to Harvest Sensitive Data - Organizations should implement robust endpoint protection solutions and user awareness training to mitigate the risk posed by this increasingly prevalent threat, as even corporate environments have fallen victim to Lumma Stealer infections that may ...
6 months ago Cybersecuritynews.com
Tax Season Alert: Common scams and cracked software - OpenText is committed to providing you with the latest intelligence and tips to safeguard your digital life, especially during high-risk periods like tax season. Our threat analysts constantly monitor the ebb and flow of various threats. One ...
1 year ago Webroot.com
Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions - Security analysts at Cloudsek noted that the malware employs advanced evasion techniques like obfuscated scripts and encrypted communications with Command-and-Control (C2) servers. This sophisticated campaign exploits malicious LNK (shortcut) files ...
8 months ago Cybersecuritynews.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: Pros: strong threat intelligence & expert SOCs; 24/7 monitoring & rapid incident response; flexible, scalable, hybrid deployments. Cons: high pricing for SMBs; complex UI and steep learning curve; limited visibility into endpoint ...
4 months ago Cybersecuritynews.com
Beware Weaponized YouTube Channels Spreading Lumma Stealer - Attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary ...
1 year ago Darkreading.com
New Android Malware 'Salvador Stealer' That Phish & Steals Your Banking Details & OTPs - Cybersecurity researchers have discovered a sophisticated new Android malware called “Salvador Stealer” that targets banking credentials and one-time passwords (OTPs) through an elaborate phishing scheme. Once active, Salvador Stealer ...
7 months ago Cybersecuritynews.com
Lumma Password Stealer Attack Infection Chain and Its Escalation Tactics Uncovered - WithSecure analysts identified Lumma during their analysis of open source samples between February and March 2025, revealing the malware’s sophisticated three-stage infection process. This massive infection rate prompted coordinated ...
3 months ago Cybersecuritynews.com
Octalyn Stealer Steals VPN Configurations, Passwords and Cookies in Structured Folders - A sophisticated new credential stealer disguised as a legitimate forensic toolkit has emerged on GitHub, targeting sensitive user data including VPN configurations, browser credentials, and cryptocurrency wallet information. The Octalyn Stealer, ...
3 months ago Cybersecuritynews.com
Lumma Stealer Vacuum-Filled with Vidar 2 - The cybersecurity landscape has witnessed the emergence of a new variant of the Lumma stealer, now enhanced with capabilities from Vidar 2, a notorious malware family. This evolution marks a significant escalation in the threat posed by information ...
3 weeks ago Infosecurity-magazine.com
Fake Browser Updates Targeting Mac Systems With Infostealer - A widely popular social engineering campaign previously only targeting Windows systems has expanded and is now using fake browser updates to distribute Atomic Stealer, a dangerous information stealer, to macOS systems. Experts say this could be the ...
1 year ago Darkreading.com
Threat Actors Leveraging Reddit Posts To Actively Spread AMOS and Lumma Stealers - The malicious actors are distributing two dangerous data stealers—AMOS for macOS users and Lumma Stealer for Windows users—through seemingly helpful posts on cryptocurrency trading subreddits. The scammers employ social engineering tactics by ...
7 months ago Cybersecuritynews.com
New Gremlin Stealer Advertised on Hacker Forums Steals Credit Card Data & Login Credentials - Cyber Security News - For credit card data theft, Gremlin Stealer employs specialized functions that target stored payment information across multiple browsers. First spotted being advertised on underground forums and Telegram channels, Gremlin Stealer represents a ...
6 months ago Cybersecuritynews.com
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
6 months ago Cybersecuritynews.com
Vidar Stealer With New Deception Technique to Steal Browser Cookies & Stored Credentials - Vidar Stealer, an information-stealing malware first identified in 2018, has evolved with a sophisticated new deception technique targeting cybersecurity professionals and system administrators. G Data security researchers identified an unusual Vidar ...
7 months ago Cybersecuritynews.com
Atomic Stealer Disguised as Cracked Software: A New Threat to Users - Atomic Stealer is a newly identified malware that masquerades as cracked software to deceive users into installing it. This malicious software is designed to steal sensitive information from infected systems, including credentials, financial data, ...
2 months ago Cybersecuritynews.com
New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users into Executing Malicious Commands - Cyber Security News - The LUMMAC.V2 campaign represents a significant threat not only due to its extensive data theft capabilities but also because it exploits human behavior rather than technical vulnerabilities, making traditional security measures less effective at ...
6 months ago Cybersecuritynews.com
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition - Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced ...
1 year ago Thehackernews.com
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human's Satori Threat Intelligence Team said it has uncovered the new build of ...
1 year ago Infosecurity-magazine.com
Hackers are Using ClickFix Techniques to Deliver NetSupport RAT, Latrodectus and Lumma Stealer Malware - Cyber Security News - A carefully crafted landing page instructs victims to open the Run dialog (Win+R) and paste an injected PowerShell command, which subsequently downloads a ZIP archive containing a malicious DLL loader. At the heart of the ClickFix vector is ...
3 months ago Cybersecuritynews.com
