Intel Name: Lumma Stealer, coming and going
Date of Scan: May 15, 2025
Impact: High
Summary: Lumma Stealer, active since mid-2022, is a Russian-origin infostealer sold via a Malware-as-a-Service model on Telegram. It steals credentials, session tokens, crypto wallets, and personal data from infected devices. The threat actor relies on tactics such as fake CAPTCHA challenges and social engineering during software downloads. In simpler cases, victims are lured to malicious sites and tricked into opening harmful files in Windows Explorer.