Lumma Stealer Malware Thrives as Unique Patterns Uncovered in the Infostealer's Domain Clusters
Feb. 24, 2025, 9:08 a.m.
Description
Recent research shows that Lumma Stealer command-and-control domain clusters share specific technical characteristics, which makes it possible to map entire infrastructure clusters. The infostealer's logs are being shared for free on Leaky[.]pro, a new hacking forum offering billions of stolen credential records. There is an alarming increase in malware spread through malicious YouTube links and infected files disguised in videos, comments, or descriptions. Lumma Stealer infections typically serve as a foothold for more extensive attacks, including ransomware deployment and espionage operations. The malware targets multiple Windows versions and steals sensitive information such as login credentials, browser data, chat logs, and cryptocurrency wallet details. Distribution methods include malvertising on popular search engines and malspam carrying harmful attachments. Threat actors register clusters of 10-20 domains at a time; some are used immediately while others are left to age for up to two weeks.
Date
- Created: Feb. 22, 2025, 12:33 a.m.
- Published: Feb. 22, 2025, 12:33 a.m.
- Modified: Feb. 24, 2025, 9:08 a.m.