Support the ZSU
Youtube
Facebook
Microsoft warns of a new dangerous virus on Windows
Microsoft analysts have detected a sharp rise in activity involving the dangerous Lumma Stealer info stealer within the Windows operating system. This malware is used by cybercriminals worldwide.
Microsoft writes that due to its complex distribution infrastructure and multi-level infection methods, this malware is becoming increasingly difficult to detect and eliminate.
What is known about the malware on Windows?
Lumma Stealer, also known as LummaC2, is a product of the "malware as a service" (MaaS) model. It is sold and maintained by a cybercriminal operating under the pseudonym Storm-2477. This platform enables customers to create their own virus variants, manage stolen data, and select command and control channels. Criminals working with this service use sophisticated delivery methods, including phishing emails, fake updates, infected websites, and legitimate cloud services.
Lumma Stealer is distributed via email, fake ads, and infected installers of popular programs. It can also be found through smart contracts on blockchain platforms. One of the most dangerous methods is ClickFix, which forces users to manually enter a malicious command into the system while disguising it as a CAPTCHA check.
This malware steals data from Chromium, Mozilla, and Edge browsers, including passwords, cookies, cryptocurrency wallets, and user files. Additionally, Lumma can install other programs, including miners or plug-ins that steal from the clipboard. It evades detection through deep obfuscation, injection into system processes, and technologies such as Heavens Gate or low-level syscall.
Microsoft also reports that some of Lumma Stealer's control servers were hiding behind Cloudflare proxies and Telegram channels, and all data transmission was via HTTPS with ChaCha20 encryption. The company has already detected six versions of the virus, each of which includes new evasion techniques.
As a result of a joint operation between Microsoft and law enforcement, more than 2,300 domains associated with the Lumma Stealer infrastructure were neutralized. However, according to experts, the threat can be completely eliminated only with enhanced multi-level defense, including multifactor authentication, blocking scripts and using secure browsers.
Microsoft encourages corporate customers to activate the lockdown mode in Defender for Endpoint and automate threat detection and neutralization as much as possible. The company has also provided special tools to analyze suspicious commands and monitor Lumma Stealer-related activity on corporate networks.
As a reminder, a new test build of Windows 11, 26200.5603 (KB5058488), has been released in the Windows Insider program's Dev channel. It contains a number of innovations, including experimental artificial intelligence features in Explorer, search updates, widget panel, developer tools, and system management.
Also, Huawei has officially unveiled HarmonyOS PC, its first desktop operating system created "from scratch". After more than five years of development and the participation of over 10,000 engineers, the company has been able to offer an alternative to Western platforms.
