Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Tags

External References

• https://blog.qualys.com/
• https://otx.alienvault.com/

Description

Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to employ fake CAPTCHA verification for payload delivery. The malware exploits legitimate software and uses multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, process hollowing, and the abuse of Windows tools like mshta.exe. Lumma Stealer targets sensitive data, including passwords, browser information, and cryptocurrency wallet details. The campaign analysis reveals the malware's deceptive methods, from initial infection to data exfiltration. The threat actors utilize Content Delivery Networks for payload delivery and command and control servers for data exfiltration.

Date