Lumma Stealer: Data-stealing malware isn't dead, but its reputation is tarnished

At the end of last month, a major operation disrupted the infrastructure of Lumma Stealer, a formidable data-stealing virus. The operation, involving the US justice system, Europol, and Microsoft, cut off hackers' access to the 300,000 computers infected by the malware. While the US justice system took control of the ecosystem's command center, Microsoft blocked 1,300 criminal websites linked to Lumma Stealer. According to Europol, the assault significantly disrupted "a vast criminal infrastructure".

Lumma Stealer Holds Firm

Unfortunately, it appears that Lumma Stealer is already resurfacing. Researchers at Check Point Research indicate that the malware's command and control servers are still operational. Worse, the amount of data stolen by Lumma continues to increase. Data resale markets also continue to sell information compromised by the malware. This is particularly the case on Telegram, where there are signs of a "sustained resumption of activity."

Check Point Research explains that it has observed "significant efforts on the part of Lumma's developer to fully restore its infostealer activities and conduct business as usual." It appears that the dismantling operation has not succeeded in permanently paralyzing the malware and its operators. Hosted in Russia, the vast majority of the infrastructure has remained out of reach of US law enforcement and its partners. According to Lumma's creator, the main server was not seized.

A tarnished reputation

Nevertheless, experts have monitored a series of conversations between hackers suggesting that Lumma Stealer's reputation has been seriously damaged. Law enforcement operations often do more lasting damage to the reputation of a malware program and its creators than to its IT infrastructure.

During the offensive, law enforcement set up a trap to retrieve data from Lumma users. Authorities posted a fake "login page" to collect the cybercriminals' credentials. In short, investigators launched a phishing page to try to trace the hackers. This tactic has considerably irritated hackers who might be tempted to use Lumma again.

On criminal forums, hackers are currently debating the future of the malware. Some are wary and prefer not to trust the virus anymore. For others, the infostealer will fully recover from the authorities' assault.

Source: Check Point
