“Based on what we see, there is a wide range of cybercriminals admitting they are using Lumma, such as actors involved in credit card fraud, initial access sales, cryptocurrency theft, and more,” Kivilevich says.
Among other tools, the Scattered Spider hacking group—which has attacked Caesars Entertainment, MGM Resorts International, and other victims—has been spotted using the Lumma stealer. Meanwhile, according to a report from TechCrunch, the Lumma malware was allegedly used in the build-up to the December 2024 hack of education tech firm PowerSchool, in which more than 70 million records were stolen.
“We’re now seeing infostealers not just evolve technically, but also play a more central role operationally,” says DoubleYou’s Wardle. “Even nation-state actors are developing and deploying them.”
Ian Gray, director of analysis and research at the security firm Flashpoint, says that while infostealers are only one tool that cybercriminals will use, their prevalence may make it easier for cybercriminals to hide their tracks. “Even advanced threat actor groups are leveraging infostealer logs, or they risk burning sophisticated tactics, techniques, and procedures (TTPs),” Gray says.
Lumma isn’t the first infostealer to be targeted by law enforcement. In October last year, the Dutch National Police, along with international partners, took down the infrastructure linked to the RedLine and MetaStealer malware, and the US Department of Justice unsealed charges against Maxim Rudometov, one of the alleged developers and administrators of the RedLine infostealer.
Despite the international crackdown, infostealers have proven too useful and effective for attackers to abandon. As Flashpoint’s Gray puts it, “Even if the landscape ultimately shifts due to the evolution of defenses, the growing prominence of infostealers over the past few years suggests they are likely here to stay for the foreseeable future. Usage of them has exploded.”
This story originally appeared at wired.com.
