CyberSecurityBoard
Sponsor Register Login

Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions

Security analysts at Cloudsek noted that the malware employs advanced evasion techniques like obfuscated scripts and encrypted communications with Command-and-Control (C2) servers. This sophisticated campaign exploits malicious LNK (shortcut) files disguised as legitimate PDFs, initiating multi-stage infection processes that compromise sensitive data. It is designed to exfiltrate a wide range of data, including browser credentials, cryptocurrency wallets, and sensitive files such as academic research or financial records. Once decrypted, the PowerShell script downloads and executes the Lumma Stealer binary from remote servers. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The Lumma InfoStealer malware has been observed leveraging weaponized PDF documents to target educational institutions. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Organizations must implement proactive defenses like endpoint detection systems and user awareness programs to mitigate risks posed by deceptive phishing tactics and weaponized documents. These files, upon execution, trigger a PowerShell command that connects to a remote server, launching the infection chain. To evade detection, Lumma Stealer encrypts exfiltrated data and employs event-controlled write operations. The malware then scans the compromised system for files containing keywords like wallet.txt or passwords.pdf, targeting sensitive information. This command downloads and executes additional payloads, including the Lumma Stealer executable. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The attack begins with unsuspecting users downloading LNK files masquerading as academic or technical documents. Educational infrastructures, often less fortified against advanced cyberattacks, have become prime targets for this information-stealing malware. The PowerShell script is obfuscated and encrypted using AES in CBC mode, ensuring stealth during execution.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Feb 2025 15:55:12 +0000


Cyber News related to Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions

Data Protection in Educational Institutions - This article delves into the significance of data protection in educational institutions, emphasizing three key areas: the types of educational data, data privacy regulations, and data protection measures. Lastly, robust data protection measures are ...
1 year ago Securityzap.com
Securing Educational Robots: IoT Security in Robotics Education - As robotics continues to be integrated into educational settings, the use of educational robots powered by the Internet of Things presents exciting opportunities for enhancing learning experiences. With technological advancements come the critical ...
1 year ago Securityzap.com
Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions - Security analysts at Cloudsek noted that the malware employs advanced evasion techniques like obfuscated scripts and encrypted communications with Command-and-Control (C2) servers. This sophisticated campaign exploits malicious LNK (shortcut) files ...
2 days ago Cybersecuritynews.com
Biometric Security in Educational Environments - Biometric technology has gained significant attention in recent years as a potential solution to enhance security in educational environments. The adoption of biometric security in educational settings raises important privacy and ethical concerns. ...
1 year ago Securityzap.com
EdTech Evaluation: Choosing Secure Educational Software - The evaluation of EdTech tools for their security features is crucial in safeguarding data and maintaining a secure learning environment. An edtech security evaluation is essential to determine if the software adequately protects student and teacher ...
1 year ago Securityzap.com
Securing Student Data in Cloud Services - In today's educational landscape, securing student data in cloud services is of utmost importance. One key aspect of securing student data in cloud services is ensuring proper data encryption. This article explores the various challenges and best ...
1 year ago Securityzap.com
Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
1 year ago Feeds.fortinet.com
Lumma malware can allegedly restore expired Google auth cookies - The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing ...
1 year ago Bleepingcomputer.com
Beware Weaponized YouTube Channels Spreading Lumma Stealer - Attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary ...
1 year ago Darkreading.com
Digital Transformation in the Financial Industry: The Role of Fintech - Fintech companies are providing innovative solutions to help customers save money and manage risk more effectively than ever before; they're also fueling innovation within traditional banks themselves by creating new products based on customer ...
1 year ago Hackread.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
1 year ago Techrepublic.com
Ukrainian Raccoon Infostealer Operator Extradited to US - A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands. The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law ...
1 year ago Securityweek.com
Protecting Student Privacy Online - In the rapidly evolving world of online education, the protection of student privacy has emerged as a critical concern. This article delves into the privacy risks associated with online education and highlights the significance of complying with ...
1 year ago Securityzap.com
Strategies for Securing Student Data in Cloud Services - This article addresses the strategies that educational organizations can employ to ensure the protection and confidentiality of student data in cloud services. Implementing strong access controls is crucial for ensuring the security of student data ...
1 year ago Securityzap.com
New FrigidStealer infostealer infects Macs via fake browser updates - Windows users get an MSI installer that loads Lumma Stealer or DeerStealer, Mac users receive a DMG file that installs the new FrigidStealer malware, and Android users receive an APK file that contains the Marcher banking trojan. FakeUpdate ...
1 day ago Bleepingcomputer.com
Virustotal Shares New Ideas to Track Threat Actors - In a recent presentation at the FIRST CTI in Berlin and Botconf in Nice, VirusTotal unveiled innovative methods to track adversary activity by focusing on images and artifacts used during the initial stages of the kill chain. Traditionally, threat ...
8 months ago Cybersecuritynews.com
Beware! Hackers Use YouTube Channels Deliver Lumma Malware - Hackers use YouTube channels to deliver malware due to the huge user base of the platform. By using YouTube channels, hackers disguise their malicious content as:-. The popularity of YouTube also gives the threat actors the ability to evade general ...
1 year ago Gbhackers.com
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
9 months ago Infosecurity-magazine.com
The age of weaponized LLMs is here - It's exactly what one researcher, Julian Hazell, was able to simulate, adding to a collection of studies that, altogether, signify a seismic shift in cyber threats: the era of weaponized LLMs is here. The research all adds up to one thing: LLMs are ...
1 year ago Venturebeat.com
South St. Paul Public Schools Grapple with Ongoing Tech Disruption - South St. Paul Public Schools recently alerted families to ongoing technology disruption, shedding light on potential disruptions to online platforms, emails, and other digital services. Upon discovering the unusual activity, the district swiftly ...
11 months ago Cysecurity.news
Google password resets not enough to stop this malware The Register - Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed. Developers of infostealer malware - mainly targeting Windows, it seems - have steadily implemented the ...
1 year ago Go.theregister.com
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware - Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code that can be executed when the user clicks on the shortcut. These weaponized files allow threat actors to perform ...
1 year ago Cybersecuritynews.com
Nim-Based Malware Delivered via Weaponized Word Document - Hackers use weaponized Word documents to deliver malicious payloads through social engineering. By embedding malware or exploiting vulnerabilities in these documents, attackers trick users into opening them and leading to the execution of malicious ...
1 year ago Gbhackers.com
Cookies Exploit Allows Persistent Access After Password Reset - A Critical Google Cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts. A developer, PRISMA, discovered a major Google cookie exploit in Oct 2023 that allows ...
1 year ago Gbhackers.com
Microsoft Edge to Use Adobe Acrobats PDF Rendering Technology - Microsoft and Adobe have joined forces to incorporate Adobe Acrobat's PDF rendering engine directly into the Edge browser, replacing the existing PDF engine. Starting in March 2023, new versions of Microsoft Edge for Windows 10 and Windows 11 will be ...
2 years ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)