bleepingcomputer.com - The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure.
Although the Lumma malware-as-a-service (MaaS) platform suffered significant disruption from the law enforcement action, as confirmed by early June reports on infostealer activity, it didn't shut down.
The operators immediately acknowledged the situation on XSS forums, but claimed that their central server had not been seized (although it had been remotely wiped), and restoration efforts were already underway.
Gradually, the MaaS built up again and regained trust within the cybercrime community, and is now facilitating infostealing operations on multiple platforms again.
According to Trend Micro analysts, Lumma has almost returned to pre-takedown activity levels, with the cybersecurity firm's telemetry indicating a rapid rebuilding of infrastructure.
"Following the law enforcement action against Lumma Stealer and its associated infrastructure, our team has observed clear signs of a resurgence in Lumma's operations," reads the Trend Micro report.
"Network telemetry indicates that Lumma's infrastructure began ramping up again within weeks of the takedown."
Learn how JFrog detected a malicious package that steals MEXC credentials and crypto trading tokens to buy and sell futures on crypto trading platforms.
Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users.
This new version had been undetected for over two months until the original version of Banshee Stealer was leaked on XSS forums, which resembled similarities with the malware’s core functionality.
One notable difference between the leaked source code and the version discovered by Check Point Research is the use of a string encryption algorithm. This algorithm is the same as Apple uses in its Xprotect antivirus engine for MacOS.
One method of distributing Banshee Stealer involved malicious GitHub repositories, targeting Windows users with Lumma Stealer and macOS users with Banshee Stealer.
Banshee operated as a ‘stealer-as-a-service’, priced at $3,000, and was advertised through Telegram and forums such as XSS and Exploit. On November 23, 2024, the malware’s source code was leaked, leading the author to shut down the operations the following day.
Despite shutting down the operation, threat actors continue to distribute the new version of Banshee via phishing websites.
Invitations to try a beta lead to a fake game website where victims will get an information stealer instead of the promised game
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:
CVE-2024-49112: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system.
CVE-2024-49113: A denial-of-service (DoS) vulnerability that can be exploited to crash the LDAP service, leading to service disruptions.
In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers into downloading and executing information-stealing malware.
The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak.
An unsealed criminal complaint says U.S. investigators used public evidence from various online platforms to identify a Russian national as the alleged creator of the Redline malware.
Gamers searching for game cheats are falling victim to a global malware campaign delivering RedLine Stealer.
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.
Insikt Group’s analysis of Rhadamanthys Stealer v0.7.0 reveals its growing capabilities, including AI-powered seed phrase extraction and MSI installer evasion tactics.
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named
#Atomic #Computer #Info #InfoSec #Information #Information-stealing #Marko #Polo #Rhadamanthys #Security #Stealc #Stealer #malware
Cybersecurity experts uncover the infamous Lummac Stealer malware, disguised as an OnlyFans "Checker" tool, targeting hackers.
Ontinue Cyber Defenders have observed an uptick in activities related to the LummaC2 infostealer being used as a Malware-as-a-Service.
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.
Learn more about a Word document CrowdStrike Intelligence identified containing macros that download an unidentified stealer now tracked as Daolpu.
FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files. Read more.
Kematian-Stealer is actively being developed and distributed as an open-source tool on GitHub. Our investigation revealed that the stealer’s source code, related scripts, and a builder for generating malicious binaries are hosted under the GitHub account “Somali-Devs.” Significant contributions from the user KDot227 suggest a close link between this account and the development of the stealer. These scripts and stealer are designed to covertly extract sensitive data from unsuspecting users and organizations.
What happened Proofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time researchers observed TA547 use Rhadamanthys,...
