Developers Beware: Lumma Stealer Malware Hidden in GitHub Comments

Lumma Stealer is a highly advanced information stealer that targets victims’ sensitive data. It harvests browser passwords, cookies, cryptocurrency wallets, and data from email clients, and it continuously evolves its methods to stay ahead of security measures.

For example, it was one of the first stealers to exploit a vulnerability in Google accounts to steal session cookies, a capability that poses a significant threat to individuals and organizations because it can be used to compromise sensitive information.

Lumma is sold through Telegram and dark web platforms on a subscription basis, a model known as Malware-as-a-Service (MaaS).

This model lets cybercriminals rent or purchase Lumma for their own campaigns, which significantly lowers the barrier to entry for those seeking to engage in cybercrime and makes it a concerning trend in the digital landscape.

A new distribution method has emerged that exploits public GitHub repositories: malicious actors post comments on these repositories containing links to encrypted archives hosted on mediafire.com, together with the archive password, which is often the default “changeme.”

[Figure: examples of the comments]

If a user downloads and extracts the archive, their system is at risk of infection. The technique is stealthy and efficient because it leverages the trust and visibility of GitHub repositories.
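The lure described above has a recognizable shape: a link to an archive on mediafire.com plus an archive password, frequently “changeme.” The following Python script is an added example, not code from the article or from Gen Digital, that scores comment text against that pattern so a repository maintainer or moderation bot can triage suspicious comments. The sample comments are constructed for the example; the regular expressions and scoring thresholds are the author’s own assumptions, not indicators published with the campaign.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Heuristics for the lure shape described in the article (assumed patterns, not published IoCs).
MEDIAFIRE_LINK = re.compile(r"(?:https?://)?(?:www\.)?mediafire\.com/\S+", re.IGNORECASE)
PASSWORD_HINT = re.compile(r"\b(?:pass(?:word)?|pw)\b\s*[:=\-]?\s*(\S+)", re.IGNORECASE)
ARCHIVE_HINT = re.compile(r"\b(?:zip|rar|7z|archive)\b", re.IGNORECASE)
DEFAULT_PASSWORD = "changeme"  # the default password the article reports seeing


@dataclass
class Finding:
    score: int = 0
    reasons: List[str] = field(default_factory=list)
    url: Optional[str] = None
    password: Optional[str] = None


def analyze(text: str) -> Finding:
    """Score one comment body; higher means closer to the archive-plus-password lure."""
    f = Finding()
    link = MEDIAFIRE_LINK.search(text)
    if link:
        f.url = link.group(0).rstrip(".,;)")
        f.score += 3
        f.reasons.append("link to mediafire.com")
    pw = PASSWORD_HINT.search(text)
    if pw:
        f.password = pw.group(1).strip(".,;")
        f.score += 2
        f.reasons.append("archive password supplied in comment")
        if f.password.lower() == DEFAULT_PASSWORD:
            f.score += 1
            f.reasons.append("password is the default 'changeme'")
    if ARCHIVE_HINT.search(text):
        f.score += 1
        f.reasons.append("mentions an archive file")
    return f


def is_lure(text: str) -> bool:
    """Flag only when both halves of the lure are present: a file-host link and a password."""
    f = analyze(text)
    return f.url is not None and f.password is not None


def triage(comments: List[str]) -> List[int]:
    """Return the indexes of comments that match the lure, for manual review or removal."""
    return [i for i, c in enumerate(comments) if is_lure(c)]


# Constructed sample comments (not real GitHub comments); EXAMPLE ids are placeholders.
SAMPLE_COMMENTS = [
    "fixed the problem, download here https://www.mediafire.com/file/EXAMPLE1/fix.zip password: changeme",
    "Thanks, this works on Ubuntu 22.04 after installing libssl-dev.",
    "I uploaded my logs to https://www.mediafire.com/file/EXAMPLE2/logs.txt if it helps",
    "the archive is on mediafire.com/file/EXAMPLE3/tool.rar pass changeme",
]

if __name__ == "__main__":
    for i in triage(SAMPLE_COMMENTS):
        f = analyze(SAMPLE_COMMENTS[i])
        print(f"comment {i}: score={f.score} url={f.url} reasons={f.reasons}")
```

A bare mediafire.com link is not flagged on its own (comment 2), because people do share benign files that way; requiring the password alongside the link keeps the rule tied to the specific lure the article describes while the score gives a reviewer context. The regexes should be treated as a starting point and tuned to the traffic actually seen on a given repository.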

GitHub is facing a challenge in removing malicious comments from their platform due to the sheer volume of posts. Attackers are continuously adding new comments, overwhelming GitHub’s efforts to delete them. 

Despite this, GitHub has shown progress in addressing the issue, with an increase in comment deletions, which indicates that GitHub is actively working to combat the malicious activity.

Gen Digital highlights a growing trend of cyberattacks that use poor English in comments to distribute malicious software. While this tactic currently makes the threats easier to identify, increasingly sophisticated AI tools could produce more convincing and deceptive messages, making it significantly harder for users to distinguish legitimate content from malicious content.

[Figure: comment on YouTube]

Similar campaigns have been observed on platforms like YouTube, where attackers use various methods to distribute malware, including different passwords and hosting platforms.

Cybercriminals are also distributing malware through “fake tutorials” on social media platforms. These target users seeking free software by offering supposedly cracked versions of popular programs, but clicking the provided links leads to malware downloads.

The malware, often a stealer such as Lumma Stealer, compromises the victim’s device by stealing sensitive information. The same tactic is being used across multiple platforms, which indicates a coordinated effort by organized groups to spread malware.

To mitigate the GitHub threat, immediately scan the system with updated antivirus software and remove any malware. Change the passwords for any compromised accounts and log out of all active sessions on the infected device.

Enable two-factor authentication for enhanced security, keep antivirus software up to date, and avoid adding untrusted software to the antivirus exception list.


Kaaviya (Cyber Press, https://cyberpress.org/) is a Security Editor and fellow reporter with Cyber Press. She covers various cyber security incidents happening in cyberspace.
