Lumar Stealer Grabs Passwords

Lumar, a lightweight malware coded in the C programming language, falls under the category of information-stealing software. This program is designed to pilfer various data, such as Internet cookies, stored passwords, and cryptocurrency wallet details.

The presence of Lumar was initially observed on hacker forums in July 2023. Since it is being offered for sale, the way it spreads may vary depending on the cybercriminals who deploy it.

Once Lumar infiltrates a system, it initiates the collection of pertinent device information, including device names, CPU specifications, RAM, and keyboard layouts.

Stealer-type malware predominantly focuses on harvesting data stored in web browsers, and Lumar is no exception. This malicious software is tailored to extract Internet cookies, login credentials (such as usernames, IDs, email addresses, passwords, and passphrases), and also targets sessions on the Telegram Messenger platform. Additionally, it gathers data related to cryptocurrency wallets.

Lumar possesses grabber functionality, allowing it to download files from victims' desktops, with particular interest in formats like DOC, TXT, XLS, RDP, and JPG.

It's important to note that malware developers frequently update their software, so potential future versions of Lumar may have an expanded list of targets or additional and different capabilities.

What Risks Does Infostealing Malware Pose to Your Privacy?

Infostealing malware poses significant risks to your privacy, as it is designed to surreptitiously collect sensitive and personal information from your computer or device. Here are some of the key risks it poses:

• Data Theft: Infostealing malware is specifically created to steal personal and confidential data, including login credentials, financial information, and personal identification details. This data can be used for identity theft, financial fraud, or even sold on the dark web.
• Identity Theft: Stolen personal information can be used to impersonate you, opening the door to identity theft. Attackers may create accounts or engage in fraudulent activities in your name, causing significant harm to your reputation and finances.
• Financial Loss: If your banking or credit card information is stolen, you may experience financial losses as cybercriminals use this data to make unauthorized transactions or drain your accounts.
• Privacy Invasion: The malware can capture private communications, such as emails or instant messages, compromising your personal conversations and potentially revealing sensitive information.
• Unauthorized Access: Infostealing malware can steal login credentials for various online accounts, including email, social media, and online shopping websites. Attackers can use this access to invade your online privacy and potentially carry out malicious activities on your behalf.
• Data Exposure: Once your personal data is in the hands of cybercriminals, there's a risk that it could be exposed or published online, leading to public embarrassment and potential legal consequences.
• Emotional Distress: The invasion of privacy and potential consequences of data theft can lead to significant emotional distress, anxiety, and stress.