Once-hobbled Lumma Stealer is back with lures that are hard to resist
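Summary
Last May, international law enforcement agencies successfully struck the infrastructure of the Lumma infostealer, which had infected nearly 395,000 Windows computers within two months. Researchers recently said that Lumma has returned at scale, stealing credentials and sensitive files through hard-to-detect attacks. The malware has appeared on Russian-speaking cybercrime forums since 2022, uses a cloud-based malware-as-a-service model, and spreads through lure sites offering cracked software, games, and pirated movies. Although law enforcement agencies last year seized its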
Last May, law enforcement authorities around the world scored a key win when they hobbled the infrastructure of Lumma, an infostealer that infected nearly 395,000 Windows computers over just a two-month span leading up to the international operation. Researchers said Wednesday that Lumma is once again “back at scale” in hard-to-detect attacks that pilfer credentials and sensitive files.
Lumma, also known as Lumma Stealer, first appeared in Russian-speaking cybercrime forums in 2022. Its cloud-based malware-as-a-service model provided a sprawling infrastructure of domains for hosting lure sites offering free cracked software, games, and pirated movies, as well as command-and-control channels and everything else a threat actor needed to run their infostealing enterprise. Within a year, Lumma was selling for as much as $2,500 for premium versions. By the spring of 2024, the FBI counted more than 21,000 listings on crime forums. Last year, Microsoft said Lumma had become the “go-to tool” for multiple crime groups, including Scattered Spider, one of the most prolific groups.
Takedowns are hard
The FBI and an international coalition of its counterparts took action early last year. In May, they said they seized 2,300 domains, command-and-control infrastructure, and crime marketplaces that had enabled the infostealer to thrive. Recently, however, the malware has made a comeback, allowing it to infect a significant number of machines again.