Lumma Malware Compromises Security of 394,000 Windows PCs

Microsoft yesterday announced that Lumma, a complex password-stealing malware, has penetrated an estimated 394,000 Windows PCs. The finding is indicative of the growing threat that Lumma poses. It is commonly transmitted through questionable games and pirated software that users download from the web.

Lumma has served as a backdoor for cybercriminals, who have used it to install other malware, including ransomware, on infected devices. The malware has a direct link to major cyberattacks on the world stage. These coordinated attacks target large technology companies to commandeer three billion bits of sensitive customer data. Lumma has been tied to high-profile attacks on both PowerSchool and Snowflake. These organizations are custodians of vital data for K-12 education and higher education cloud services, respectively.

The mechanics of Lumma are concerning. It operates through a peer-to-peer network of command-and-control servers that allows hackers to securely control infected devices. In one damning example, Lumma obtained internal PowerSchool passwords by hacking into the machines of PowerSchool engineers. In the same way, the malware was responsible for the exposure of Snowflake customer passwords, which were discovered circulating on the dark web.

To counter such threats, Valve acted swiftly and decisively by pulling down a video game demo known or believed to contain Lumma. The removal prevents users who are looking for entertainment on the web from downloading the malware without realizing it. Microsoft’s recent discoveries and subsequent response highlight the need to tackle this emerging cybersecurity threat head-on.

To combat the spread of Lumma, Microsoft has initiated civil action asking a federal court to intervene in seizing 2,300 domains linked to Lumma’s command-and-control infrastructure. The legal action is intended to shut down the operations of cybercriminals who are using Lumma for illegal activities.

Lumma’s rise is undeniable, and it is a reminder that we must not take our progress for granted. There you have it, folks. It is up to users to look to trusted resources to keep their personal information safe. Follow these steps to protect your devices from malicious attacks.
