Increase in lumma stealer activity coincides with use of adaptive browser fingerprinting tactics

Intel Name: Increase in lumma stealer activity coincides with use of adaptive browser fingerprinting tactics

Date of Scan: November 20, 2025

Impact: High

Summary:
After an initial drop in activity following the doxxing of its alleged members, Lumma Stealer has recently surged in activity. Researchers observed new adaptive browser-fingerprinting tactics, where the malware uses JavaScript-based data collection and stealthy HTTP communication to gather detailed system, network, hardware, and browser information. These updates help Lumma Stealer maintain operations, choose follow-on actions based on the victim’s environment, and better evade detection.

More Details