Intel Name: Fake Telegram Premium site distributes new Lumma Stealer variant
Date of Scan: August 14, 2025
Impact: Medium
Summary: A malicious campaign has been discovered using the fake domain ‘telegrampremium[.]app’ to impersonate the official Telegram Premium platform. The site delivers a file named ‘start.exe’ that contains a new variant of the Lumma Stealer malware. This sophisticated trojan can steal browser credentials, cryptocurrency wallet data, and system information. Alarmingly, the malware downloads automatically when the URL is accessed, without user interaction. The campaign highlights ongoing threats using brand impersonation and social engineering. Immediate blocking of the domain, endpoint scanning, and credential rotation are strongly advised.