The ESET Threat Report for the second half of 2023 showed that cryptostealers (cryptocurrency thieves) increased by up to 68%, with Lumma responsible for 80% of the detections. ESET, a leading company in proactive threat detection, highlights that although cryptominers (the most-detected threat in this category) declined by more than 20%, cryptostealers continue to make headlines.
The cryptostealer Lumma Stealer, also known as LummaC2 Stealer, targets two-factor authentication cryptocurrency wallets, users, credentials and browsers, and also extracts information from compromised machines.
Between the first and second half of 2023, Lumma Stealer detections tripled, recording the highest rate in the second half of the year and peaking in October.
This MaaS (malware-as-a-service) offering appeared in August 2022 and has since been available for sale on clandestine forums and even on Telegram, with prices ranging from $250 to $20,000. The price depends on the level required: the highest gives buyers access to the source code and allows them to sell the malware themselves.
“The popularity of Lumma Stealer may be due to the fact that it is available for sale and that it does not focus solely on the theft of cryptocurrencies, since it is even easy for less technically trained cybercriminals to take advantage of,” comments Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Laboratory.
Other distribution vectors:
Although this infostealer primarily spreads through cracked installations of software such as VLC and ChatGPT, it also uses other distribution vectors. For example, in February 2023, a YouTuber was attacked via a phishing email posing as the video game company Bandai Namco. Malicious actors have also been spreading it through the popular chat platform Discord.