2FA Is Under Attack — New And Dangerous Infostealer Update Warning


Can anyone stop this updated 2FA infostealer threat?

Beware the Lumma Stealer threat. Can the infostealer threat ever be stopped? That’s a question that is haunting me right now, to be honest, and a new malware analysis report is doing little to lift my mood. As if things weren’t bad enough already, with 800 million compromised passwords listed in criminal forums, a million Windows devices recently infected by the malicious curse and even the tech giants falling victim.

Whether it is your passwords, 2FA codes or other data, infostealer malware can strike in as little as 10 seconds flat. Now, researchers have warned that one of the biggest culprits, Lumma Stealer, is increasingly difficult to detect. Predicting that the surge in Lumma Stealer attacks will continue throughout 2025, Mayuresh Dani, security research manager at the Qualys Threat Research Unit, warned that the malware “recently underwent updates where, rather than stealing information all at once, the stealer now assembles and exfiltrates each piece of information as it is obtained.”

This makes Lumma far stealthier and hence more resilient against detection: a trickle of small uploads, each sent as soon as a credential store or wallet file has been read, gives volume-based alerting far less to catch than one large transfer at the end. What’s more, Dani explained, other infostealers, such as the notorious Redline Stealer, have been out of action since late last year, which has resulted in “threat actors turning towards Lumma Stealer.” Once you understand that Lumma Stealer has a myriad of information-stealing capabilities, including the targeting of cryptocurrency wallets, user credentials and 2FA codes, the release of an April 21 report from Trellix analysts is all the more concerning.

Lumma Stealer “constantly adapts its TTPs and payloads to bypass security defenses,” Mohideen Abdul Khader, a security researcher at the Trellix Advanced Research Center and author of the report, said. Lumma is designed to detect virtual and sandbox environments, Khader explained, allowing it to avoid detection by security systems. The latest updated versions employ code flow obfuscation, and anyone with a technical leaning is advised to read the full report for the details.

A second report, this time authored by Mathias Sigrist, a senior detection engineer on the threat detection team at Ontinue, has explored ways to help automate detection of the threat. While focusing on Ontinue detection platforms, the report is still an interesting read for anyone wanting to know more about the infostealer threat. “One of the biggest reasons for the surge in Lumma Stealer malware attacks is that it is pressing on a weakness in the cybersecurity industry’s approach to detection engineering,” John Bambenek, president at Bambenek Consulting, said.

Bambenek is referring to the fact that writing detections on single events or log entries is an insufficient default. “Defenders need to start looking at multiple events to create alerts or they’ll simply be missing attacks,” Bambenek concluded, neatly rounding up just why the infostealer threat is likely to get worse, much worse, before it gets better.
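To make the two points above concrete, the piece-by-piece exfiltration Dani describes and the single-event versus multi-event detection gap Bambenek describes, here is an added illustration in Python. It is not code from the article, from Qualys, Trellix or Ontinue, and it does not reproduce any real Lumma sample. The telemetry is constructed for the demo: the hostnames, process names, the list of browser storage paths, the destination addresses and the thresholds are all assumptions. It runs a naive single-event rule (alert on one large outbound POST) and a correlated rule (a non-browser process reads a credential store and, within a short window, makes several small POSTs to one destination) over the same events and shows that only the second one catches the stealer-like pattern.

```python
"""Single-event vs multi-event detection over constructed endpoint telemetry.

Added illustration for this article; not code from the article or any vendor.
Field names, paths, hosts, addresses and thresholds are assumptions for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Substrings of browser/wallet storage files an infostealer typically reads.
# Illustrative list, not a complete catalogue of what any given stealer targets.
CREDENTIAL_STORES = ("\\login data", "\\cookies", "\\web data",
                     "\\local extension settings\\")

# Processes that legitimately open those files every day (assumed allowlist).
BROWSER_ALLOWLIST = {"chrome.exe", "msedge.exe", "firefox.exe"}


def _ts(s):
    return datetime.fromisoformat(s)


# Constructed telemetry (not real logs). WS-01 shows the chunked pattern: an
# unknown "updater.exe" reads one store, POSTs a few hundred bytes, reads the
# next store, POSTs again. WS-02 is benign: the browser reads its own stores
# and a sync client uploads one large file.
EVENTS = [
    {"ts": "2025-04-22T09:00:00", "host": "WS-01", "proc": "updater.exe", "type": "file_read",
     "path": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2025-04-22T09:00:02", "host": "WS-01", "proc": "updater.exe", "type": "net_post",
     "dst": "203.0.113.10:443", "bytes": 900},
    {"ts": "2025-04-22T09:00:05", "host": "WS-01", "proc": "updater.exe", "type": "file_read",
     "path": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"ts": "2025-04-22T09:00:07", "host": "WS-01", "proc": "updater.exe", "type": "net_post",
     "dst": "203.0.113.10:443", "bytes": 1400},
    {"ts": "2025-04-22T09:00:11", "host": "WS-01", "proc": "updater.exe", "type": "file_read",
     "path": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\wallet"},
    {"ts": "2025-04-22T09:00:13", "host": "WS-01", "proc": "updater.exe", "type": "net_post",
     "dst": "203.0.113.10:443", "bytes": 600},
    {"ts": "2025-04-22T09:01:00", "host": "WS-02", "proc": "chrome.exe", "type": "file_read",
     "path": r"C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2025-04-22T09:02:00", "host": "WS-02", "proc": "onedrive.exe", "type": "net_post",
     "dst": "198.51.100.7:443", "bytes": 48_000_000},
]


def single_event_rule(events, threshold_bytes=5_000_000):
    """Naive rule: alert on any single outbound POST larger than the threshold.

    Misses a stealer that ships each item as it is collected, and fires on the
    sync client instead. Returns sorted (host, process) pairs.
    """
    return sorted({(e["host"], e["proc"]) for e in events
                   if e["type"] == "net_post" and e["bytes"] > threshold_bytes})


def correlated_rule(events, window=timedelta(minutes=2), min_posts=3):
    """Multi-event rule over a per-host, per-process event sequence.

    Alert when a process outside the browser allowlist reads a credential
    store and, within `window` after that read, makes at least `min_posts`
    outbound POSTs to the same destination. Size of the POSTs is irrelevant,
    so chunking does not help the attacker. Returns sorted (host, proc, dst).
    """
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["host"], e["proc"])].append(e)

    alerts = set()
    for (host, proc), evs in by_key.items():
        if proc.lower() in BROWSER_ALLOWLIST:
            continue
        reads = [e for e in evs if e["type"] == "file_read"
                 and any(m in e["path"].lower() for m in CREDENTIAL_STORES)]
        for r in reads:
            start, end = _ts(r["ts"]), _ts(r["ts"]) + window
            posts = defaultdict(int)
            for e in evs:
                if e["type"] == "net_post" and start <= _ts(e["ts"]) <= end:
                    posts[e["dst"]] += 1
            for dst, n in posts.items():
                if n >= min_posts:
                    alerts.add((host, proc, dst))
    return sorted(alerts)


if __name__ == "__main__":
    print("single-event rule :", single_event_rule(EVENTS))
    print("correlated rule   :", correlated_rule(EVENTS))
```

On this data the single-event rule returns only the benign sync client on WS-02 and says nothing about WS-01, while the correlated rule returns exactly the WS-01 process and its destination. In a real pipeline the same join would be expressed in the SIEM or EDR query language over process, file and network telemetry, and the allowlist would need to key on signer or image path rather than the process name alone, since a stealer can name itself whatever it likes.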