New Report: Lumma Stealer Distributed via Discord Content Delivery Network (CDN)
According to a new report by Trend Micro, attackers have started using Discord's content delivery network (CDN) to spread a malicious program called Lumma Stealer. In addition, the attackers have created bots using Discord's application programming interface (API) to remotely control the malware.
Background on Lumma Stealer
Lumma Stealer was initially discovered in 2018. This malicious software, written in the C programming language, is capable of stealing accounting data and other confidential information from an infected computer. Lumma Stealer is currently offered to other hackers as Malware-as-a-Service (MaaS) for $250 per month. By purchasing the priciest package, cybercriminals gain access to the program's source code and can modify it to enhance their attacks.
The CyberPrefrefectors Campaign
As part of the CyberPrefrefectors campaign, attackers use fake or compromised accounts to contact potential victims through personal messages. In these messages, they lure users with an offer to take part in a project that involves reviewing a game. As an incentive, participants are promised a $10 reward through PayPal or the Discord Nitro Boost bonus. Once the victim agrees, the attacker sends a link to download a file, which in turn initiates the download of Lumma Stealer.
Malicious Activities of Lumma Stealer
Once activated, the malware attempts to steal assets from cryptocurrency wallets, as well as login credentials and passwords stored in web browsers. With this stolen data, attackers can gain control over the victim's accounts or even impersonate the user to carry out further cybercrimes.