Lumma Stealer.

A subscription-priced Russian-speaking malware-as-a-service info-stealer that emerged in 2022 and became one of the top-three stealers worldwide by 2024, distributed primarily via ClickFix lures and crack sites. Es gehört zur Kategorie Schadsoftware der Cybersicherheit.

A subscription-priced Russian-speaking malware-as-a-service info-stealer that emerged in 2022 and became one of the top-three stealers worldwide by 2024, distributed primarily via ClickFix lures and crack sites.

Lumma Stealer (also called LummaC2) is a C-language Windows info-stealer first observed in mid-2022 and rented out as malware-as-a-service in Russian-speaking criminal forums. By 2024 it had become one of the dominant info-stealers worldwide alongside RedLine and StealC, having largely filled the vacuum left by RedLine and Raccoon takedowns. Capabilities are typical of the category: theft of browser cookies, saved passwords, autofill data, crypto-wallet files, Discord and Telegram tokens, Steam sessions, and arbitrary files matched against operator-supplied patterns. Lumma is widely distributed via ClickFix fake-CAPTCHA lures, malicious cracks and YouTube tutorials, malvertising, and SEO-poisoned download sites. The 2024–2025 operator added GenAI-powered command-and-control obfuscation and bundled a loader stage for follow-on payloads such as ransomware. In May 2025 Microsoft Digital Crimes Unit, the U.S. DOJ, Cloudflare, ESET and Europol jointly disrupted Lumma's infrastructure (Operation Endgame), seizing roughly 2,300 domains and disrupting the storefront, though the actor's panel and forks resurfaced within weeks.

Schutzmaßnahmen gegen Lumma Stealer kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: LummaC2, Lumma.