
Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

Blog post from CrowdStrike

Post Details

- Word Count: 2,292
- Language: English
Summary

In a detailed analysis, CrowdStrike Intelligence uncovered a sophisticated phishing campaign that exploits a domain mimicking CrowdStrike's brand to distribute malicious software, specifically targeting Windows operating systems. The campaign delivers Lumma Stealer, a commodity information stealer, through a series of obfuscated and layered installations involving MSI and RAR files, leveraging advanced social engineering techniques like spam floods and voice phishing. The threat actor involved uses strategic timing, coinciding with a known issue in a CrowdStrike Falcon sensor update, to distribute the malware, which is designed to exfiltrate browser data to command-and-control servers. CrowdStrike provides several recommendations to mitigate such threats, including verifying the legitimacy of software updates and employing protective browser settings. The campaign is linked to a previous attack and is assessed with moderate confidence to be orchestrated by the same unidentified actor, highlighting the ongoing necessity for vigilance in cybersecurity measures.