Large-Scale Lumma Infostealer Campaign Abuses GitHub for Malware

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 
July 19, 2025
2 min read

The Rise of Lumma Info Stealer

Lumma Info Stealer

The Malware-as-a-Service (MaaS) model is providing cybercriminals with accessible and sophisticated tools for executing cyber attacks. One notable example is the Lumma info stealer, which has been operational since 2022, targeting sensitive data such as login credentials and banking information. This malware is distributed on dark web forums and has seen increased visibility with various command-and-control (C2) servers identified.

Lumma Info Stealer Background

Lumma, also known as LummaC2, is marketed to threat actors with tiered subscription models, making it affordable for even novice attackers. Priced from USD 250, it has gained traction in marketplaces alongside other info stealers like Vidar and Racoon. The malware primarily targets cryptocurrency wallets and two-factor authentication (2FA) extensions, indicating a focus on high-value targets.

Attack Vectors and Distribution Methods

Lumma has been distributed through various deceptive methods, including masquerading as popular software like VLC or ChatGPT. Attackers also exploit phishing emails, often impersonating legitimate companies such as Bandai Namco to lure victims into executing malicious payloads. The malware targets Windows operating systems and multiple browsers, including Chrome and Firefox, to exfiltrate sensitive information.

Malicious Email Example

Data Exfiltration Techniques

Once Lumma is successfully executed, it employs HTTP POST requests to transmit stolen data to its C2 servers. Darktrace observed various devices infected with Lumma communicating with known C2 infrastructure, revealing a pattern of data exfiltration activities. The malware is capable of accessing and stealing browser data, cookies, and sensitive information from applications like AnyDesk and KeePass.

Device Event Log

Evasion Techniques and Defense Recommendations

Lumma employs various evasion techniques to avoid detection by security systems, including using obfuscation and encryption to mask payloads and leveraging trusted binaries like mshta.exe and wscript.exe to execute malicious code. Organizations are urged to adopt advanced security measures, such as Gopher Security's AI-Powered Zero Trust Platform, to enhance their defenses against evolving threats like Lumma.

Future Outlook

As cyber threats become more sophisticated, organizations need to focus on proactive risk management strategies. Gopher Security provides services like Cloud Access Security Broker and AI Inspection Engine for Traffic Monitoring to help businesses detect and respond to such threats effectively.

Explore our services at Gopher Security to safeguard your organization against the rising tide of cyber threats.

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 

MBA-credentialed cybersecurity expert specializing in Post-Quantum Cybersecurity solutions with proven capability to reduce attack surfaces by 90%.

Related News

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits
vulnerability exploits

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits

Vulnerability exploits now account for 40% of cyber intrusions, surpassing phishing. Learn how shrinking patch windows and edge device targets are changing security.

By Brandon Woo April 6, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026
cybersecurity trends 2026

Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026

Vulnerability exploits now drive 40% of cyberattacks as hackers weaponize flaws within hours. Learn why traditional patching is failing and how to adapt. Read more.

By Divyansh Ingle March 30, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions
Vulnerability Exploitation

Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions

Hackers are weaponizing zero-days within hours of disclosure, leaving traditional patch cycles in the dust. Learn how to bridge the security gap with MFA and Zero-Trust.

By Alan V Gutnov March 23, 2026 4 min read
common.read_full_article
Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends

Exploits are the leading cause of cyber intrusions, outpacing phishing. Discover the latest trends and essential strategies to protect your organization. Read now!

By Brandon Woo March 16, 2026 3 min read
common.read_full_article