"Beware Weaponized YouTube Channels Spreading Lumma Stealer"
Security researchers at FortiGuard have observed that attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary malicious servers to distribute the malware. The researchers noted that the campaign is similar to an attack discovered last March that used artificial intelligence (AI) to spread step-by-step tutorials on installing programs like Photoshop, Autodesk 3ds Max, AutoCAD, and others without a license. The researchers stated that these YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides. The researchers noted that links shared in the videos use link-shortening services like TinyURL and Cuttly, leading to the direct download of a new, private .NET loader responsible for fetching the final malware, Lumma Stealer. Lumma targets sensitive information, including user credentials, system details, browser data, and extensions. The malware has been featured on ads on the Dark Web and a Telegram channel since 2022, with over a dozen command-and-control servers in the wild and multiple updates.
DarkReading reports: "Beware Weaponized YouTube Channels Spreading Lumma Stealer"