Lumma Stealer.

A subscription-priced Russian-speaking malware-as-a-service info-stealer that emerged in 2022 and became one of the top-three stealers worldwide by 2024, distributed primarily via ClickFix lures and crack sites. 它属于网络安全的 恶意软件 分类。

A subscription-priced Russian-speaking malware-as-a-service info-stealer that emerged in 2022 and became one of the top-three stealers worldwide by 2024, distributed primarily via ClickFix lures and crack sites.

Lumma Stealer (also called LummaC2) is a C-language Windows info-stealer first observed in mid-2022 and rented out as malware-as-a-service in Russian-speaking criminal forums. By 2024 it had become one of the dominant info-stealers worldwide alongside RedLine and StealC, having largely filled the vacuum left by RedLine and Raccoon takedowns. Capabilities are typical of the category: theft of browser cookies, saved passwords, autofill data, crypto-wallet files, Discord and Telegram tokens, Steam sessions, and arbitrary files matched against operator-supplied patterns. Lumma is widely distributed via ClickFix fake-CAPTCHA lures, malicious cracks and YouTube tutorials, malvertising, and SEO-poisoned download sites. The 2024–2025 operator added GenAI-powered command-and-control obfuscation and bundled a loader stage for follow-on payloads such as ransomware. In May 2025 Microsoft Digital Crimes Unit, the U.S. DOJ, Cloudflare, ESET and Europol jointly disrupted Lumma's infrastructure (Operation Endgame), seizing roughly 2,300 domains and disrupting the storefront, though the actor's panel and forks resurfaced within weeks.

针对 Lumma Stealer 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: LummaC2, Lumma。