Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

Ilya Sutskever leads the CEO exit and secure close one

The Y Combinator alumni have launched a new $34 million fund dedicated to YC startups.

Trump administrator illegally killed gender-related health websites, court rules

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » Sticky werewolves deploy Lumma Stealer in Russia and Belarus using undocumented implants
Identity

Sticky werewolves deploy Lumma Stealer in Russia and Belarus using undocumented implants

userBy userFebruary 28, 2025No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

February 28, 2025Ravi LakshmananFinancial fraud / Cyberspy

The threat actor known as Sticky Wearwolf is primarily linked to targeted attacks in Russia and Belarus, and is intended to deliver Lumma Stealer malware using previously undocumented implants.

Cybersecurity company Kaspersky tracks activities under the name Angry Likho. This is said to be a “strong similarity” that awakened to Likho (aka Core Werewolf, Gamacopy, and Pseudogamaderon).

“However, the angry Rikho attacks tend to focus on more compact infrastructure, limited range of implants, and employees of large organizations, including government agencies and their contractors,” the Russian company said.

Cybersecurity

Given the use of fluent Russian in the bait files used to cause infection chains, it is suspected that the threat actor is likely to be native Russian speakers. Last month, cybersecurity company F6 (formerly Cont) described it as “Procrane’s Cyberspie Group.”

The attackers are known to be primarily a single organisation in Russia and Belarus, with hundreds of casualties identified in the former.

Previous intrusion activities associated with the group utilize phishing email as a conduit for distributing various malware families, including Netwire, Rhadamanthys, Ozone Rat, and backdoors known as DarkTrack.

Attack sequences involve the use of spear phishing emails with attachments (such as archive files) trapped in a booby. Among them are two Windows Shortcuts (LNK) files and a legitimate lure document.

The archive file takes malicious activity to the next stage, unlocking complex multi-stage processes, and deploying Lumma Information Stealer.

“The implant was created to serve as a legal open source installer, a Nullsoft Scriptable installation system, and a self-extracting archive (SFX),” says Kaspersky.

It has been observed that the attack incorporates steps to avoid detection by security vendors using emulators and sandbox environment checks, ending or restarting the malware after a 10,000 ms delay.

This overlap makes it more likely that the attackers behind two campaigns share the same technology or the same group.

Cybersecurity

Lumma Stealer is designed to collect system information and installed software information from compromised devices as well as sensitive data such as cookies, usernames, passwords, bank card numbers, and connection logs. You can also steal data from a variety of web browsers, cryptocurrency wallets, Cryptowallet browser extension (metamask), authenticators, and Anydesk and Keepass.

“The group’s latest attacks use Lumma Stealer, which collects a huge amount of data from infected devices, including bank details stored by browsers and Cryptowallet files,” says Kaspersky.

“The group relies on easily available malicious utilities obtained from the DarkNet forum, rather than developing their own tools. The only thing they do is create a mechanism for malware delivery to victims’ devices and create targeted phishing emails.”

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleThe Biore Frog Project enters the hot phase
Next Article Solar Quality Summit Europe 2025: Guaranteed future growth
user
  • Website

Related Posts

Large Android scam business has been revealed: Iconads, KaleIdoscope, SMS Malware, NFC Scams Identified apps are designed to load out-of-context ads on users’ screens and hide icons from the device’s home screen launcher, making it difficult for victims to remove them according to the company’s Satori Threat Intelligence and Research team. The app was then removed from the Play Store by Google. Advertising fraud schemes accounted for 1.2 billion bid requests per day due to their high activity. The majority of Iconads-related traffic comes from Brazil, Mexico and the United States. Iconads is a variant of the threat tracked by other cybersecurity vendors under the name Hiddedads and Vapor, and since at least 2019, malicious apps have been sliding around the Google Play Store repeatedly. Some of the common features of these apps include the use of obfuscation for concealment…

July 3, 2025

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Steal User Assets

July 3, 2025

The Hidden Weaknesses in AI SOC Tools that No One Talks About

July 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Ilya Sutskever leads the CEO exit and secure close one

The Y Combinator alumni have launched a new $34 million fund dedicated to YC startups.

Trump administrator illegally killed gender-related health websites, court rules

Meta has found another way to engage you: message that message first

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

Meta’s Secret Weapon: The Superintelligence Unit That Could Change Everything 

Unlocking the Power of Prediction: The Rise of Digital Twins in the IoT World

TwinH: Digital Human Twin Aims for Victory at Break the Gap 2025

The Digital Twin Revolution: Reshaping Industry 4.0

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.