A new Infostealer called “LummaC2” is being distributed disguised as illegal programs such as cracks and keygens.
Other malware such as CryptBot, RedLine, Vidar, and RecordBreaker (Raccoon V2) are distributed in a similar manner and have been covered here on ASEC Blog:
- Modified CryptBot Infostealer Being Distributed
- New Info-stealer Disguised as Crack Being Distributed
- A Dropper-Type Malware Bomb Being Distributed Again in the Disguise of Cracks
It appears that the LummaC2 Stealer has been available for purchase on the dark web since the beginning of this year, and since March, a threat group has been distributing it disguised as a crack. Although this distribution method is mostly used to deliver RecordBreaker (Raccoon V2), LummaC2 Stealer is also being discovered from time to time. The LummaC2 Stealer was first discovered on March 3rd, and additional distributions were confirmed on the 12th and 20th of the same month, indicating an approximate activity rate of once a week.