Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%
The Lumma Stealer infostealer malware is increasingly sought after by cybercriminals, according to cybersecurity firm ESET, which reported a 369% surge in detections in its telemetry in the second half of 2024.
Lumma Stealer first appeared in the wild in 2022 and went on to appear on the list of top ten infostealers detected by ESET products in H2 2024.
The now dominant infostealer targets two-factor authentication (2FA) browser extensions, user credentials and cryptocurrency wallets.
Among infostealers, the Bratislava-based firm noted that the long-dominant Agent Tesla malware was replaced by Formbook.
Sometimes referred to as XLoader, Formbook has been active since 2016 but continues to be frequently used by cybercriminals because, as malware-as-a-service (MaaS), it is under constant development, noted one malware analyst in ESET’s H2 2024 Threat Report.
Meanwhile, although the notorious “infostealer-as-a-service” RedLine Stealer was taken down by international authorities in October 2024 as part of Operation Magnus, its demise is expected to lead to the expansion of other similar threats, according to ESET.
Alexandre Côté Cyr, ESET Malware Researcher, said in ESET’s H2 2024 Threat Report that the creator of the RedLine infostealer is unlikely to try to resurrect the malware.
“RedLine affiliates will also probably want to move on, since law enforcement now has the database with their usernames and last-used IP,” he said.
“All in all, we can expect that the power vacuum left by RedLine’s takedown will lead to a bump in the activity of other MaaS infostealers.”
On ransomware, the firm’s analysis noted that the takedown of the notorious LockBit ransomware created a vacuum that is being filled by other threat actors.
Notably, the RansomHub ransomware-as-a-service has become dominant in the latter half of 2024. ESET said it has “stacked up hundreds of victims by the end of H2 2024.”
“The second half of 2024 seems to have kept cybercriminals busy finding security loopholes and innovative ways to expand their victim pool, in the usual cat-and-mouse game with defenders. As a result, we’ve seen new attack vectors and social engineering methods, new threats skyrocketing in our telemetry, and takedown operations leading to shake-ups of previously established ranks,” commented Jiří Kropáč, ESET Director of Threat Detection.