CYFIRMA Research- Fake Telegram Premium Site Distributes New Lumma Stealer Variant

11/09/2025 5 min

Episode Synopsis

CYFIRMA researchers have uncovered a malware campaign exploiting a spoofed Telegram Premium site—telegrampremium[.]app—to distribute a new variant of Lumma Stealer.

Key Findings:
• Drive-by download delivers malicious start.exe without user interaction
• Targets browser credentials, crypto wallets, system info
• Employs obfuscation, DGA-based domains, public DNS evasion
• Uses legitimate platforms (e.g., t.me, Steam) for stealthy C2
• Windows-focused, written in C/C++, and uses advanced evasion techniques

Stay vigilant. Threat actors are innovating—brand impersonation and drive-by downloads are on the rise.

Link to the Research Report: https://www.cyfirma.com/research/fake-telegram-premium-site-distributes-new-lumma-stealer-variant/

#CyberSecurity #ThreatIntelligence #Malware #LummaStealer #Telegram #CYFIRMA #InfoStealer #CyberThreat #APT

https://www.cyfirma.com/
