July 25, 2024 at 06:42PM
CrowdStrike’s threat intel team warns of a new scam using the Lumma infostealing malware, targeting Windows users. The malware extracts sensitive data for criminal use, such as online banking and cryptocurrency credentials. The scam leverages a fake CrowdStrike domain, posing as a recovery tool for a previous faulty sensor update. The malware is delivered through deceptive .msi and .exe files.
Key takeaways:
– The CrowdStrike name is currently being used to trick Windows users into downloading and running the Lumma infostealing malware.
– Lumma malware is used to steal sensitive information from infected machines, such as login details, browser histories, and other credentials.
– The stolen information is then used for fraudulent activities, including gaining illicit access to victims’ online bank accounts, cryptocurrency wallets, and other apps and services.
– The Lumma build timestamp suggests that the sample for distribution was created just after the single content update for CrowdStrike’s Falcon sensor was identified.
– A fake CrowdStrike domain attempts to trick users into clicking on a .zip file containing a malware loader disguised as a recovery tool to fix the boot loop problem caused by the bad sensor update.
– Once executed, the malware loader deploys the Lumma malware onto the victim’s machine.
Overall, these points highlight the ongoing threat of the Lumma infostealing malware being distributed through fraudulent CrowdStrike-related campaigns, which target Windows users to steal sensitive information for use in illicit activities.