Detection of Lumma Stealer malware increased by almost 400%

marry 27.12.2024, 12:30 PM

According to telemetry data from ESET, detections of the data-stealing malware Lumma Stealer, which is increasingly in demand among cybercriminals, increased by an incredible 369% in the second half of 2024. Lumma Stealer first appeared in 2022, and in the second half of 2024 it emerged in this year's top ten list of malware species detected by ESET’s products. The now dominant infostealer targets browser extensions for two-factor authentication (2FA), user passwords and cryptocurrency wallets.

When it comes to data-stealing malware, Agent Tesla, which long dominated the list of the most popular, has been replaced by Formbook. Also known as XLoader, Formbook has been active since 2016, but cybercriminals still use it frequently because, as a MaaS (malware-as-a-service) offering, Formbook is in constant development, warns ESET.

After the international Operation Magnus in October 2024, when the police seized the servers of the RedLine Stealer malware, its decline is expected to lead to the emergence and spread of other similar threats, ESET estimates. It is unlikely that the creator of RedLine will try to revive the malware.

“RedLine’s affiliates will also likely want to move on, as law enforcement now has a database of their usernames and last used IP address,” ESET’s report said.

“Overall, we can expect the vacuum left by the removal of RedLine to lead to an increase in the activity of other MaaS infostealer malware.”

As regards ransomware, ESET said that the removal of the notorious LockBit ransomware created a vacuum that is being filled by other threat actors. The ransomware-as-a-service RansomHub became dominant in the second half of 2024. ESET said there have been “hundreds of victims” of this ransomware so far.

“In the second half of 2024, cybercriminals seem to be preoccupied with finding security holes and innovative ways to expand their potential victims, in the usual cat-and-mouse game with defenders. As a result, we saw new attack vectors and social engineering methods, new threats that spiked in our telemetry, and takedown operations that led to changes in the previously established order,” concluded Jiří Kropáč, ESET’s director of threat detection.

Photo: Philipp Katzenberger | Unsplash

Source: www.informacija.rs