Date: 2025-07-23
Malware, Threat Intelligence
Lumma infostealer recovers from global clampdown
Operations of the Lumma information-stealing malware have returned to near-normal levels two months after some of its infrastructure and its domains were taken down by a global law enforcement effort, BleepingComputer reports.
The failed attempt to seize Lumma's central server enabled immediate and accelerated infrastructure restoration. Lumma has since tapped Russia-based cloud infrastructure provider Selectel and other vendors to better conceal malicious activity, while leveraging fraudulent software cracks, malicious GitHub repositories, YouTube videos, Facebook posts, and the ClickFix social engineering technique to spread the malware, an analysis from Trend Micro revealed. "Following the law enforcement action against Lumma Stealer and its associated infrastructure, our team has observed clear signs of a resurgence in Lumma's operations. Network telemetry indicates that Lumma's infrastructure began ramping up again within weeks of the takedown," said Trend Micro. Such a development emphasizes the importance of arrests and indictments in ensuring the effectiveness of malware operation takedowns.
