Authorities carry out a complex global takedown of an infostealer used extensively by internet criminals

By [email protected]


Some infostealer operators collect and sell the stolen data themselves. Increasingly, though, the compromised credentials serve as a gateway for intruders to launch further attacks, giving them the details they need to access online accounts and networks worth billions of dollars.

“It is clear that infostealers have become more than just grab-and-go malware,” says Patrick Wardle, CEO of Apple security company DoubleYou. “In many campaigns, they really work as a first stage, collecting credentials, access tokens, and other foothold data, which is then used to launch more traditional and highly impactful attacks such as lateral movement, espionage, or ransomware.”

The Lumma infostealer first appeared on Russian-language cybercrime forums in 2022, according to the FBI and CISA. Since then, its developers have advanced its capabilities and released several different versions of the program.

Since 2023, for example, they have been working to integrate artificial intelligence into the malware platform, according to findings from security company Trellix. The attackers want these capabilities to automate some of the work involved in sifting through the huge quantities of raw data collected by infostealers, including identifying and separating out “bot” accounts that are less valuable to most attackers.

One administrator told 404 Media and WIRED last year that they encourage both experienced hackers and newer online criminals to use their software. “This brings us good income,” the administrator said, referring to the resale of stolen login data.

Microsoft says the main developer behind Lumma goes by the handle Shamel and is based in Russia.

“Shamel markets different tiers of Lumma service via Telegram and other Russian-language chat forums,” Microsoft’s Masada wrote on Wednesday. “Depending on which service the cybercriminal purchases, they can create their own versions of the malware, add tools to conceal and distribute it, and track stolen information through an online portal.”

Kivilevich of KELA says that in the days before the takedown, some internet criminals began complaining on forums that they were having problems with Lumma. Some even speculated that the malware platform had been targeted by law enforcement.

“Based on what we see, there is a wide range of internet criminals who admit they are using Lumma, such as actors involved in credit card fraud, initial access sales, cryptocurrency theft, and more,” says Kivilevich.

Among other tools, the Scattered Spider hacking group, which attacked Caesars Entertainment and MGM Resorts International, has been observed using the Lumma stealer. Meanwhile, according to a report from TechCrunch, the malware was allegedly used in the breach of an education technology company in December 2024, in which 70 million records were stolen.

“We now see that infostealers are not only evolving technically, but also playing a more central operational role,” says Wardle of DoubleYou. “Even nation-state actors are developing and deploying them.”

Ian Gray, director of analysis and research at security company Flashpoint, says that although infostealers are only one tool in cybercriminals’ arsenal, their prevalence may make it easier for cybercriminals to hide their tracks. “Even advanced threat actor groups are leveraging infostealer logs, or else they risk burning sophisticated tactics, techniques, and procedures (TTPs),” Gray says.

Lumma is not the first infostealer targeted by law enforcement. In October last year, the Dutch National Police, together with international partners, took down infrastructure linked to the RedLine and Meta stealer malware, and the US Department of Justice unsealed charges against Maxim Rudometov, one of the alleged developers and administrators of the RedLine infostealer.

Despite the international crackdown, infostealers have proven too useful and effective for attackers to abandon. “Even if the landscape eventually shifts due to evolving defenses, the growing prevalence of infostealers over the past few years indicates they are likely here to stay for the foreseeable future. Their use has exploded.”
