Description
[Lumma Stealer](https://attack.mitre.org/software/S1213) is an information stealer malware family in use since at least 2022. [Lumma Stealer](https://attack.mitre.org/software/S1213) is a Malware as a Service (MaaS) where captured data has been sold in criminal markets to Initial Access Brokers.(Citation: Cybereason LumaStealer Undated)(Citation: Netskope LummaStealer 2025)(Citation: Qualys LummaStealer 2024)(Citation: Fortinet LummaStealer 2024)(Citation: TrendMicro LummaStealer 2025)
External References
Techniques Used by This Malware
- T1027 — Obfuscated Files or Information
- T1027.013 — Encrypted/Encoded File
- T1036.008 — Masquerade File Type
- T1041 — Exfiltration Over C2 Channel
- T1055.012 — Process Hollowing
- T1059.001 — PowerShell
- T1059.006 — Python
- T1059.010 — AutoHotKey & AutoIT
- T1071.001 — Web Protocols
- T1074.001 — Local Data Staging
- T1082 — System Information Discovery
- T1113 — Screen Capture
- T1119 — Automated Collection
- T1140 — Deobfuscate/Decode Files or Information
- T1176.001 — Browser Extensions
- T1195 — Supply Chain Compromise
- T1204 — User Execution
- T1204.002 — Malicious File
- T1217 — Browser Information Discovery
- T1218.005 — Mshta
- T1218.015 — Electron Applications
- T1497.001 — System Checks
- T1518.001 — Security Software Discovery
- T1539 — Steal Web Session Cookie
- T1547.001 — Registry Run Keys / Startup Folder
- T1553.002 — Code Signing
- T1555.003 — Credentials from Web Browsers
- T1562.001 — Disable or Modify Tools
- T1564.003 — Hidden Window
- T1566.001 — Spearphishing Attachment
- T1566.002 — Spearphishing Link
- T1573.002 — Asymmetric Cryptography
- T1574.001 — DLL
- T1620 — Reflective Code Loading
- T1622 — Debugger Evasion