October 16, 2023 at 04:37AM
Discord’s content delivery network (CDN) is being abused by threat actors to distribute the Lumma Stealer malware, an information stealer that harvests user credentials. The malware is spread through direct messages in which the attacker offers the victim a Discord Nitro boost in exchange for their assistance and prompts them to download a file hosted on the CDN. Lumma Stealer targets cryptocurrency wallets and browser data. It can also load additional files, so an infection can lead to follow-on malware. Users should be wary of files and links from unknown sources, verify the sender’s identity before opening attachments, use reliable antivirus software, and receive training on recognizing social engineering scams.
Key takeaways:
1. Threat actors are distributing Lumma Stealer, an information-stealing malware, via Discord’s content delivery network (CDN). They use Discord accounts to send victims direct messages that trick them into downloading and executing a malicious file hosted on the CDN.
2. Lumma Stealer steals user credentials and targets cryptocurrency wallets and browser data.
3. Lumma Stealer is being sold as a service in underground forums, with different plan options and prices ranging from $250 per month to $20,000.
4. The malware can load additional files (a loader capability that enables follow-on payloads) and is advertised as able to detect “bots” using artificial intelligence and deep learning.
5. Users should exercise caution when clicking on links or downloading files from unknown sources and verify the sender’s identity before opening attachments.
6. It is recommended to use reliable antivirus software, conduct regular information security training for employees, and consider implementing Trend Micro solutions such as Managed XDR, Trend One™, Apex One™, and Trend Cloud One™ for enhanced security and protection.
Indicators of compromise:
– C&C: gapi-node.io
– SHA256: 674d96c42621a719007e64e40ad451550da30d42fd508f6104d7cb65f19cba51
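The following script is an added example, not code from the original advisory or from Trend Micro. It turns the two indicators listed above into a check a defender can run: it matches outbound URLs in a proxy log against the C&C domain (including subdomains), flags executable-looking downloads from Discord’s CDN attachment path (the delivery channel the advisory describes), and compares file hashes against the listed SHA256. The proxy-log format, the source IPs, and the sample lines are constructed for the example; the Discord CDN hostnames and the /attachments/ path layout are assumptions about Discord’s CDN, not facts taken from the advisory.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken from the advisory above.
C2_DOMAINS = {"gapi-node.io"}
MALICIOUS_SHA256 = {
    "674d96c42621a719007e64e40ad451550da30d42fd508f6104d7cb65f19cba51",
}

# Assumed Discord CDN hostnames; attachments are served under
# /attachments/<channel_id>/<message_id>/<filename>. Flagging every such
# download would be noisy, so only executable-looking payloads are reported.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
EXECUTABLE_EXT = re.compile(r"\.(exe|scr|msi|bat|cmd|ps1|dll|zip|rar|7z)$", re.I)


def domain_matches(hostname: str, indicators: set) -> bool:
    """True if hostname equals an indicator or is a subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in indicators)


def check_url(url: str) -> list:
    """Return the list of findings for one outbound URL (empty means clean)."""
    findings = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if domain_matches(host, C2_DOMAINS):
        findings.append("known Lumma C2 domain")
    if (host in DISCORD_CDN_HOSTS
            and parsed.path.startswith("/attachments/")
            and EXECUTABLE_EXT.search(parsed.path)):
        findings.append("executable fetched from Discord CDN")
    return findings


def scan_proxy_log(lines: list) -> list:
    """Scan constructed proxy-log lines of the form '<timestamp> <src_ip> <url>'.

    Returns (timestamp, src_ip, url, reason) tuples, one per finding.
    """
    hits = []
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # malformed line; skip rather than crash the scan
        ts, src, url = parts
        for reason in check_url(url):
            hits.append((ts, src, url, reason))
    return hits


def sha256_of(data: bytes) -> str:
    """Hex SHA256 of a file's contents, for comparison against the IoC list."""
    return hashlib.sha256(data).hexdigest()


def file_is_known_bad(data: bytes) -> bool:
    """True if the file's SHA256 is one of the listed malicious hashes."""
    return sha256_of(data) in MALICIOUS_SHA256


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2023-10-16T04:37:00Z 10.0.0.12 https://cdn.discordapp.com/attachments/1111/2222/project_demo.exe",
    "2023-10-16T04:37:05Z 10.0.0.12 https://gapi-node.io/api/upload",
    "2023-10-16T04:38:00Z 10.0.0.15 https://cdn.discordapp.com/attachments/1111/2223/screenshot.png",
    "2023-10-16T04:38:10Z 10.0.0.15 https://www.example.org/index.html",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
```

On the sample log, the first line is reported as an executable fetched from Discord’s CDN and the second as a connection to the C&C domain; the PNG attachment and the unrelated site produce no findings. The sequence (executable download from the CDN followed shortly by traffic to the C&C domain from the same host) is the pattern worth alerting on, since either event alone is weaker evidence than the two together.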