Intel Name: Threat actors deploy LummaC2 malware to exfiltrate sensitive data from organizations
Date of Scan: May 23, 2025
Impact: High
Summary: LummaC2 is infostealer malware that targets critical U.S. infrastructure sectors and was active from November 2023 to May 2025. It spreads via spearphishing emails containing fake CAPTCHAs that trick users into running PowerShell commands. The malware is often embedded in spoofed software and first emerged on Russian-speaking forums in 2022. LummaC2 uses advanced obfuscation techniques to evade antivirus and EDR detection.