Lumma Stealer is a new cyber threat that emerged on Discord

January 23, 2024

A recent investigation into Lumma Stealer has shed light on the malicious activities of threat actors operating on the popular communication platform Discord.

The payload the attackers used is malware that prioritises stealing sensitive information. Lumma Stealer offers various plans tailored to different access levels, with options that include simple log views and sophisticated traffic analysis tools. The most notable thing the malware developers offer, however, is access to the malware’s source code and even the right to resell it.

The Lumma Stealer operators have used Discord to spread their payload.

The Lumma Stealer operators have leveraged Discord’s Content Delivery Network (CDN) to host and propagate their malware. They have manipulated Discord’s API to generate malicious bots that could control the malware remotely. These bots manage the malware and exfiltrate the stolen data directly into discrete Discord channels.
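A defender can look for both behaviours described above in web proxy logs. The following is an added example, not code from the investigation: the log layout, the hostnames, the risky-extension list and the process allowlist are all assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the article): hostnames, file extensions,
# allowlisted process names and the proxy log layout below.
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
API_HOSTS = {"discord.com", "discordapp.com"}
RISKY_EXT = (".exe", ".scr", ".msi", ".zip", ".rar", ".7z", ".iso", ".lnk", ".bat")
EXPECTED_PROCS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample log: timestamp, workstation, process, method, URL
SAMPLE_LOG = """\
2024-01-20T10:01:02Z WS-014 chrome.exe GET https://cdn.discordapp.com/attachments/111/222/game_review.zip
2024-01-20T10:01:40Z WS-014 chrome.exe GET https://cdn.discordapp.com/attachments/111/333/screenshot.png
2024-01-20T10:03:15Z WS-014 game_review.exe POST https://discord.com/api/v9/channels/444/messages
2024-01-20T10:04:00Z WS-020 Discord.exe POST https://discord.com/api/v9/channels/555/messages
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST|PUT) (\S+)$")


def triage(log_text):
    """Return (timestamp, workstation, rule, url) for each suspicious request."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, workstation, proc, method, url = m.groups()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        path = parts.path.lower()
        # Rule 1: executable or archive fetched from Discord's CDN
        if host in CDN_HOSTS and method == "GET" and path.endswith(RISKY_EXT):
            findings.append((ts, workstation, "cdn-risky-download", url))
        # Rule 2: Discord API traffic from a process that is neither
        # the Discord client nor a browser (possible bot-based exfiltration)
        elif host in API_HOSTS and path.startswith("/api/") \
                and proc.lower() not in EXPECTED_PROCS:
            findings.append((ts, workstation, "api-from-unexpected-process", url))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Two hits on the same workstation within minutes, a risky download followed by API traffic from an unknown process, is a stronger signal than either rule alone.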

The threat actors could use random or compromised Discord accounts to bait unsuspecting victims. Specially crafted lures serve as bait, such as promises of a $10 payment or a Discord Nitro boost in exchange for a simple game review. Once a victim takes the bait, they are instructed to download a seemingly harmless file that contains Lumma Stealer.

Subsequently, the file will redirect the victims to a hostile domain that could stealthily harvest cryptocurrency wallets and sensitive browser-related information. Furthermore, the malware has upgraded its capabilities by loading auxiliary files that could potentially introduce even more hostile elements into the victim’s system.

One of its newest tricks also involves the detection of bots, employing advanced artificial intelligence and deep learning techniques to identify research environments or emulators.

Users should be vigilant and cautious when receiving unsolicited direct messages, and should verify the sender’s identity before clicking links or opening attachments.

Everyone must exercise these preventive measures, especially when engaging with links or files from unverified sources, since Discord is now plagued with threat actors and malware strains.
