Defending Against Lumma Information Stealer Malware

Published on 13 Oct 2023 | Updated on 13 Oct 2023

Lumma Information Stealer is malware designed to steal sensitive information from compromised devices. It primarily targets cryptocurrency wallets and browser extensions, harvesting data such as cryptocurrency wallet files, browser cookies and saved logins, browsing history, credit card information and two-factor authentication (2FA) information held by browser-based 2FA extensions.

How Lumma Information Stealer Spreads

Lumma Information Stealer malware commonly spreads through the following means:

  • Fake installers or updates for popular software, such as VideoLAN Client (VLC) and ChatGPT. Cybercriminals distribute the malware by masquerading as the legitimate software or as an authentic software update.
  • Malicious attachments or links in phishing emails spoofing reputable organisations.

Prevention is key to avoiding malware infection. Individuals and organisations are advised to take the following measures to strengthen their cybersecurity posture and bolster their online defences against Lumma Information Stealer malware.

Secure Your Systems and Network Infrastructure

For Individuals and Organisations:

  • Update systems, applications and software to the latest versions and apply the latest security patches. Download software and updates only from the vendor's official site, since this malware is distributed as fake installers and updates.
  • Install anti-virus/anti-malware software and keep the software (and its definition files) updated. Scan systems and networks regularly, and scan all received files before opening them.

For Organisations:

  • Disable all ports and protocols that are not essential for business purposes.
  • Isolate devices running legacy operating systems if these devices cannot be updated.
  • Limit privileged access to authorised personnel to reduce the risk of privileged account abuse or compromise.
  • Regularly review all user accounts and disable inactive accounts.
  • Enforce password changes for account owners whose credentials may have been leaked. Because the malware also steals browser cookies, revoke active sessions and re-enrol 2FA for affected accounts; a password change alone does not invalidate a stolen session token.
  • Implement regular training to educate employees about the different types of phishing attacks, common phishing techniques, and how to identify and respond to suspicious emails, links and attachments. For more information on how organisations and their employees can protect themselves from cyber threats, please refer to our advisory here.

Monitor Network Connections and Review System Logs to Quickly Detect a Potential Intrusion

For Organisations:

  • Enable logging of system events to facilitate investigation of suspicious events or issues, and retain the logs long enough to reconstruct an infection that was only noticed later.
  • Use an effective Endpoint Detection and Response (EDR) solution on end-user devices for continuous monitoring of, detection of and response to cyber threats.
  • Closely monitor inbound and outbound network traffic for suspicious communications or data transmissions, in particular uploads from end-user devices to destinations the organisation has never contacted before.
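One way to act on the last two points, as an added example for this advisory (not code from the advisory or from any vendor): a small detector that reviews proxy logs for upload-style requests to destinations never seen during a baseline period, which is how an infostealer posting harvested wallet files and cookies to its collection server tends to look from the network side. The log format, the baseline cut-off date, the byte threshold and the sample log lines are all constructed for the example; real proxy formats differ, so adapt `parse_line()` to yours.

```python
"""Detect suspicious outbound uploads in web proxy logs.

Added example for this advisory, not code from the advisory or any vendor.
ASSUMPTIONS: a whitespace-separated proxy log with the fields
"<ISO timestamp> <client IP> <method> <destination host> <status> <bytes sent by client>",
a baseline window that establishes "known" destinations, and a byte threshold.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real traffic); hosts use reserved example names.
SAMPLE_LOG = """\
2023-10-10T09:00:01 10.0.0.12 GET update.example.com 200 412
2023-10-10T09:05:14 10.0.0.12 POST mail.example.com 200 18320
2023-10-10T11:30:09 10.0.0.31 GET cdn.example.com 200 380
2023-10-12T14:02:44 10.0.0.12 POST files.example.com 200 30100
2023-10-13T08:41:02 10.0.0.12 GET update.example.com 200 410
2023-10-13T08:41:30 10.0.0.12 POST unknown-host.example 200 96000
2023-10-13T08:41:31 10.0.0.12 POST unknown-host.example 200 150000
2023-10-13T09:12:00 10.0.0.31 POST mail.example.com 200 22000
2023-10-13T10:03:12 10.0.0.44 POST new-vendor.example.net 200 5000
"""

# Detection window starts here; everything earlier is treated as baseline (assumption).
CUTOFF = datetime(2023, 10, 13)
UPLOAD_THRESHOLD = 64 * 1024  # bytes per (client, host) in the window; tune per environment


def parse_line(line):
    """Parse one log line into a dict; raises ValueError on a malformed line."""
    ts, client, method, host, status, bytes_out = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method.upper(),
        "host": host.lower(),
        "status": int(status),
        "bytes_out": int(bytes_out),
    }


def parse_log(text):
    """Parse all non-empty lines, skipping lines that do not fit the format."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            entries.append(parse_line(line))
        except ValueError:
            continue  # malformed line: skipped rather than aborting the review
    return entries


def baseline_hosts(entries, cutoff):
    """Destinations contacted by any client before the cutoff."""
    return {e["host"] for e in entries if e["ts"] < cutoff}


def find_suspicious_uploads(entries, cutoff, threshold=UPLOAD_THRESHOLD):
    """Return (client, host, bytes) for uploads to never-seen destinations.

    Only upload-style methods count: stolen data leaves as outbound bytes,
    so GET traffic to a new host is noise for this particular check.
    """
    known = baseline_hosts(entries, cutoff)
    totals = defaultdict(int)
    for e in entries:
        if e["ts"] < cutoff or e["method"] not in ("POST", "PUT"):
            continue
        if e["host"] in known:
            continue
        totals[(e["client"], e["host"])] += e["bytes_out"]
    return sorted((c, h, n) for (c, h), n in totals.items() if n >= threshold)


def run_example():
    """Run the detector over the constructed sample log."""
    return find_suspicious_uploads(parse_log(SAMPLE_LOG), CUTOFF)


if __name__ == "__main__":
    for client, host, sent in run_example():
        print(f"REVIEW {client}: {sent} bytes uploaded to new destination {host}")
```

On the sample data only 10.0.0.12 is reported: two POSTs totalling 246000 bytes to a host nobody contacted during the baseline. The 5000-byte upload from 10.0.0.44 to a new vendor host stays below the threshold, which is the intended trade-off; a new destination below the threshold is still worth a low-severity note, and a hit should be correlated with EDR telemetry on the flagged endpoint before anyone concludes it is an infection.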

More information is available here:
https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer
https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/
https://www.quorumcyber.com/wp-content/uploads/2023/09/Quorum-Cyber-Lumma-Stealer-Malware-Report-TI.pdf