Home / Malware Reports / LummaC2 Stealware Report

LummaC2 Stealer Threat Overview

LummaC2 is an information-stealing malware strain that targets Windows systems and is available as a Stealer-as-a- Service. The malware collects various target system data, including:

  • Operating system (OS) version
  • Hardware ID
  • CPU
  • RAM.

LummaC2 also has the capabilities to exfiltrate files and extract data from specific applications, including sensitive information from cryptocurrency wallets and two-factor authentication extensions. The malware utilises obfuscation and code randomisation techniques to evade detection within target environment, thus maintaining a significant level of stealth within associated operations.

LummaC2 is distributed through various methods, including illegal cracks, keygens, phishing campaigns, a s well as via disguised software setup files. The stealware has been detected as being utilised by threat actors in conjunction with additional malware variants, such as RedLine Stealer and Amadey Loader. As of the time of writing, LummaC2 malware is being sold by a threat actor operating under different aliases on underground forums.

The most notable current events involving LummaC2 include its distribution through a phishing campaign exploiting OpenAI’s ChatGPT software and its involvement in spreading the SectopRAT payload through the Amadey Bot malware.


Successful compromise by stealware variants, such as LummaC2, will almost certainly result in the loss and compromise of significant quantities of target system data. Most significantly, the loss of sensitive company and client credentials to a threat actor involved in stealware operations will almost certainly have serious implications to the security and integrity of company systems, employees and customers.

If compromised credentials remain unactioned, there is a realistic possibility that they will be sold to a range of opportunistic threat actors and will subsequently be used to enhance the effectiveness of further attack campaigns. If victims have applied poor password hygiene (such as using identical passwords across multiple platforms and websites) a leak of one set of credentials can have a major knock-on effect with regards to a wide array of systems and potentially lead to further compromise.

The Quorum Cyber Threat Intelligence team provides ransomware reports so that you can better understand the threats facing your organisation.

Download your report to read more today.