In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Trickbot Watch: Arrival via Redirection URL in Spam
May 20, 2019
Trend Micro discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. In this particular case, the variant used Google to redirect from the URL hxxps://googledm:443/url?q=<trickbot downloader>, whereby the URL in the query string, url?q=<url>, is the malicious URL that the user is redirected to. ...
- Security researchers discover Linux version of Winnti malware
May 20, 2019
For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade. Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to ...
- Mobile Risks Boom in a Post-Perimeter World
May 16, 2019
Cybercriminals are now taking a mobile-first approach to hacking the enterprise. Case in point, last month a half-billion Apple iOS users were stung by an attack exploiting an unpatched bug in Chrome for iOS. Crooks managed to hijack user session and redirect traffic to malicious websites booby-trapped with malware. Attacks like these demonstrate just how widespread and effective ...
- Spam and phishing in Q1 2019
May 15, 2019
As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites. But most often, users were invited to order gifts for loved ones and buy medications such as ...
- Intel CPUs Impacted By New Class of Spectre-Like Attacks
May 14, 2019
A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing ...
- Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
May 13, 2019
A vulnerability disclosed today allows hackers to plant persistent backdoors on Cisco gear, even over the Internet, with no physical access to vulnerable devices. Named Thrangrycat, the vulnerability impacts the Trust Anchor module (TAm), a proprietary hardware security chip part of Cisco gear since 2013. This module is the Intel SGX equivalent for Cisco devices. The TAm ...