Back To Business: Lumma Stealer Returns With Stealthier Methods
Trend Micro, Tuesday, July 22nd, 2025
Lumma Stealer has re-emerged shortly after its takedown. This time, the cybergroup behind this malware appears to be intent on employing more covert tactics while steadily expanding its reach. This article shares the latest methods used to propagate this threat.
Key takeaways:
Not long after its takedown in May, Lumma Stealer is back. From June to July, the number of targeted accounts began resurging. Now, the malware is distributed with more discreet channels and stealthier evasion tactics.
With its information-stealing capabilities, Lumma Stealer can siphon sensitive data such as credentials and private files. Also, as the threat is marketed as a malware-as-a-service (MaaS), even cybercriminals with little to no technical knowledge can wield this malware.
Users can be lured to download the Lumma Stealer through fake cracked software, deceptive websites, and social media posts. From an organization's perspective, employees with little to no cybersecurity awareness could fall prey to these attacks.
Trend Vision One detects and blocks the indicators of compromise (IOCs) discussed in this blog. Trend Vision One customers can also access hunting queries, threat insights, and threat intelligence reports to gain rich context and the latest updates on Lumma Stealer.