Lumma's operators have resumed spreading the infostealer while working harder to conceal its malicious activity.
Operations of the Lumma information-stealing malware have returned to near-normal levels two months after some of its infrastructure and its domains were taken down by a global law enforcement effort.
Because the attempt to seize its central server failed, the operators were able to restore their infrastructure immediately and at pace; Lumma has since moved onto the Russia-based cloud infrastructure provider Selectel and other vendors to better conceal its malicious activity, according to an analysis from Trend Micro.
The analysis also found that the malware is being distributed through fraudulent software cracks, malicious GitHub repositories, YouTube videos, Facebook posts and the ClickFix social engineering technique, BleepingComputer reports.
"Following the law enforcement action against Lumma Stealer and its associated infrastructure, our team has observed clear signs of a resurgence in Lumma's operations. Network telemetry indicates that Lumma's infrastructure began ramping up again within weeks of the takedown," said Trend Micro.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.