LummaC2 Malware and Malicious Chrome Extension Delivered
Sept. 9, 2024, 9:52 a.m.
Description
In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving the LummaC2 stealer and a malicious Google Chrome browser extension. The attack used DLL side-loading to execute a loader, which delivered the stealer and a PowerShell script that installed the extension. The extension manipulated browser activity, stole data such as credentials and cryptocurrency wallets, and enabled remote control of infected systems. The infection chain showcased evasive tactics and the ability to dynamically alter web content, highlighting the importance of robust endpoint security, security awareness training, and secure software configurations.
Date
Published: Sept. 9, 2024, 9:34 a.m.
Created: Sept. 9, 2024, 9:34 a.m.
Modified: Sept. 9, 2024, 9:52 a.m.
Indicators
http://hit-1488.com/test_gate0117.php?a=XyLGVaXA1cIfBjj&id=0
http://run-df.com/gAySB.php?cnv_id=false&value=1
true-bottom.com
true-lie.com
two-root.com
get-license2.com
publicitttyps.shop
Attack Patterns
LummaC2
T1574.002 (Hijack Execution Flow: DLL Side-Loading)