Technical Overview: MOS:HEAD
← Previous revision | Revision as of 12:05, 11 July 2025 | ||
Line 8: | Line 8: | ||
'''Lumma Stealer''' is an [[infostealer]] malware-as-a-service program developed for [[Microsoft Windows]]. |
'''Lumma Stealer''' is an [[infostealer]] malware-as-a-service program developed for [[Microsoft Windows]]. |
||
== Technical Overview == |
== Technical overview == |
||
Lumma Stealer is distributed by affiliates via a number of campaigns, including [[phishing]] emails, malicious advertisements posing as legitimate downloads, and compromised websites. It is frequently associated with fake [[CAPTCHA]] pages, which prompt the user to paste a command into the [[Run command|run box]].<ref>{{Cite web |title=Behind the CAPTCHA: A Clever Gateway of Malware |url=https://www.mcafee.com/blogs/other-blogs/mcafee-labs/behind-the-captcha-a-clever-gateway-of-malware/}}</ref> It steals data from a number of programs, including web browsers, cryptocurrency wallets and chat applications, as well as user files.<ref>{{Cite web |last= |first= |date=2025-05-21 |title=Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer |url=https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/ |access-date=2025-07-11 |website=Microsoft Security Blog |language=en-US}}</ref> The exfiltrated data is sent to a number of hardcoded control servers, falling back to [[Telegram (software)|Telegram]], [[Dropbox]] and [[Steam (service)|Steam]] if the servers are unreachable.<ref>{{Cite web |last=Team |first=Cybereason Security Services |title=Your Data Is Under New Lummanagement: The Rise of LummaStealer |url=https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer |access-date=2025-07-11 |website=www.cybereason.com |language=en}}</ref> |
Lumma Stealer is distributed by affiliates via a number of campaigns, including [[phishing]] emails, malicious advertisements posing as legitimate downloads, and compromised websites. It is frequently associated with fake [[CAPTCHA]] pages, which prompt the user to paste a command into the [[Run command|run box]].<ref>{{Cite web |title=Behind the CAPTCHA: A Clever Gateway of Malware |url=https://www.mcafee.com/blogs/other-blogs/mcafee-labs/behind-the-captcha-a-clever-gateway-of-malware/}}</ref> It steals data from a number of programs, including web browsers, cryptocurrency wallets and chat applications, as well as user files.<ref>{{Cite web |last= |first= |date=2025-05-21 |title=Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer |url=https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/ |access-date=2025-07-11 |website=Microsoft Security Blog |language=en-US}}</ref> The exfiltrated data is sent to a number of hardcoded control servers, falling back to [[Telegram (software)|Telegram]], [[Dropbox]] and [[Steam (service)|Steam]] if the servers are unreachable.<ref>{{Cite web |last=Team |first=Cybereason Security Services |title=Your Data Is Under New Lummanagement: The Rise of LummaStealer |url=https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer |access-date=2025-07-11 |website=www.cybereason.com |language=en}}</ref> |
||