Lumma Stealer Found in Fake Crypto Tools and Game Mods on GitHub
McAfee Labs uncovers malicious GitHub repositories distributing Lumma Stealer malware disguised as game hacks and cracked software. Learn how to protect yourself.
McAfee Labs, the threat research arm of cybersecurity giant McAfee, has recently uncovered a disturbing trend: the exploitation of popular platforms like GitHub to distribute malware. Their research reveals a network of malicious repositories offering seemingly legitimate content such as game hacks, cracked software, and free cryptocurrency tools, all designed to lure unsuspecting users into downloading and executing harmful code.
These repositories, often disguised with professional-looking features like distribution licenses and screenshots, leverage the trust and accessibility of GitHub to deceive users. Attackers strategically target individuals seeking an edge in popular games like Minecraft, Roblox, and Call of Duty, or those looking for free access to premium software like Spotify and Adobe Express.
Attack vector (Via McAfee)
The Lumma Stealer is the primary type of malware being distributed through these repositories. Promises of game hacks, cracked software, or free cryptocurrency tools lure users. Once on the repository, they are instructed to download and execute a file disguised as the promised software.
The downloaded file is typically a variant of the Lumma Stealer malware, which collects sensitive information, including login credentials, cryptocurrency wallet information, browser history, cookies, and personally identifiable information, and exfiltrates the stolen data to command-and-control servers controlled by the attackers.
“Every week, a new set of repositories with a new malware variant is released, as the older repositories are detected and removed by GitHub. These repositories also include distribution licenses and software screenshots to enhance their appearance of legitimacy,” McAfee’s Aayush Tyagi explained in a blog post.
To further lure users, these repositories often instruct victims to disable their antivirus software, claiming it will interfere with the downloaded program. This crucial step effectively disarms the user’s primary line of defence, allowing the malware to operate undetected and steal sensitive information such as login credentials, cryptocurrency wallet data, and browsing history.
Children and young adults, particularly avid gamers, are prime targets for these attacks. The allure of game hacks offering advantages like aimbots and speed hacks, along with claims that the package includes an advanced Anti-Ban system to prevent account suspension, is highly appealing and makes them more susceptible to these deceptive tactics.
Google search shows the malicious GitHub repository and a YouTube video where scammers are using descriptions to spread the repository (Via McAfee)
**McAfee’s Response and Recommendations:**
McAfee Labs is actively mitigating this threat by blocking malicious URLs, detecting and blocking downloaded malware, and providing comprehensive security solutions to protect users. The company recommends enhancing your security posture, such as keeping antivirus and anti-malware software up-to-date and practising cautious online behaviour. Regular system updates with the latest security patches are also crucial.