
LummaC2 Stealer Threat Overview

Overview

LummaC2 is an information-stealing malware strain that targets Windows systems and is available as a Stealer-as-a-Service. The malware collects various data about the target system, including:

  • Operating system (OS) version
  • Hardware ID
  • CPU
  • RAM

LummaC2 can also exfiltrate files and extract data from specific applications, including sensitive information from cryptocurrency wallets and two-factor authentication extensions. The malware utilises obfuscation and code randomisation techniques to evade detection within the target environment, thus maintaining a significant level of stealth within associated operations.

LummaC2 is distributed through various methods, including illegal cracks, keygens, phishing campaigns, as well as via disguised software setup files. The stealware has been detected as being utilised by threat actors in conjunction with additional malware variants, such as RedLine Stealer and Amadey Loader. As of the time of writing, LummaC2 malware is being sold by a threat actor operating under different aliases on underground forums.

The most notable current events involving LummaC2 include its distribution through a phishing campaign exploiting OpenAI’s ChatGPT software and its involvement in spreading the SectopRAT payload through the Amadey Bot malware.

 

The Quorum Cyber Threat Intelligence team provides ransomware reports so that you can better understand the threats facing your organisation.

Download your LummaC2 report to read more today.