Lumma Stealer Proliferation Fueled by Telegram Activity

Nov. 21, 2024

Instant messaging app Telegram is gaining traction as a malware-spreading platform, according to cybersecurity firm McAfee.

In a November 20 blog post, two McAfee researchers analyzed how Lumma Stealer, one of the most widely used infostealers, is being distributed on Telegram.

The researchers believe that threat actors have identified the messaging platform as a lucrative distribution vector because it reaches a broad and often unsuspecting audience.

Deploying the infostealer via Telegram also bypasses traditional detection mechanisms.

Lumma Stealer Disguised as Benign Apps

The McAfee researchers identified two prominent Telegram channels distributing Lumma Stealer payloads through cracking software or archived versions of seemingly benign software.

The first channel, named VIP HitMaster Program, has over 42,000 subscribers, and the second, named MegaProgram +, has 8,660. Both channels regularly forward each other’s messages.

Indian Telegram users are the most affected by this threat, followed by US and European users.
