mastouille.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.


Server statistics:

645 active accounts

#lumma

0 posts, 0 participants, 0 posts today
Bob Carver<p>Lumma Stealer Takedown Reveals Sprawling Operation<br><a href="https://www.darkreading.com/cybersecurity-operations/lumma-stealer-takedown-sprawling-operation" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">darkreading.com/cybersecurity-</span><span class="invisible">operations/lumma-stealer-takedown-sprawling-operation</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/FBI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FBI</span></a> <a href="https://infosec.exchange/tags/LawEnforcement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LawEnforcement</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infostealer</span></a></p>
securityaffairs<p>Law enforcement dismantled the infrastructure behind <a href="https://infosec.exchange/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> <a href="https://infosec.exchange/tags/Stealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Stealer</span></a> MaaS<br><a href="https://securityaffairs.com/178176/cyber-crime/law-enforcement-dismantled-the-infrastructure-behind-lumma-stealer-maas.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/178176/cyb</span><span class="invisible">er-crime/law-enforcement-dismantled-the-infrastructure-behind-lumma-stealer-maas.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/malwae" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malwae</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> says 394,000 <a href="https://mastodon.thenewoil.org/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> computers infected by <a href="https://mastodon.thenewoil.org/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> globally</p><p><a href="https://www.cnbc.com/2025/05/21/microsoft-malware-windows.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cnbc.com/2025/05/21/microsoft-</span><span class="invisible">malware-windows.html</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Sekoia.io<p>In early 2025, the ClearFake framework widely spread <a href="https://infosec.exchange/tags/Emmenhtal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Emmenhtal</span></a> Loader as the initial stage, aiming to download <a href="https://infosec.exchange/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> or <a href="https://infosec.exchange/tags/Rhadamanthys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rhadamanthys</span></a>, or PowerShell scripts installing <a href="https://infosec.exchange/tags/Vidar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vidar</span></a>.</p><p>We identified thousands of sites compromised with ClearFake distributing these malware families.</p>
crep1x<p><a href="https://infosec.exchange/tags/ClearFake" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClearFake</span></a> variant (without using the EtherHiding technique) is spreading the <a href="https://infosec.exchange/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> via the <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> tactic on compromised websites.</p><p>- Sends fingerprint data to 176.59.196.]133/ip.php<br>- Copies PowerShell script to clipboard<br>- Downloads ZIP from GitHub<br>- Executes Lumma</p><p>Example of website compromised by ClearFake on urlscan:<br><a href="https://urlscan.io/result/fa9231e0-8499-46ac-a616-1c5509cba545/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">urlscan.io/result/fa9231e0-849</span><span class="invisible">9-46ac-a616-1c5509cba545/</span></a></p><p>PowerShell script copied to clipboard:<br><a href="https://gist.github.com/qbourgue/61064f3c1acdcad88a04f3d1eef9db9a" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/qbourgue/61064</span><span class="invisible">f3c1acdcad88a04f3d1eef9db9a</span></a></p><p>Malicious ZIP payload (Lumma):<br><a href="https://tria.ge/241029-1dp31s1phk/behavioral2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tria.ge/241029-1dp31s1phk/beha</span><span class="invisible">vioral2</span></a></p><p>Lumma C2:<br>requireow.]biz<br>snailyeductyi.]sbs<br>ferrycheatyk.]sbs<br>deepymouthi.]sbs<br>wrigglesight.]sbs<br>captaitwik.]sbs<br>sidercotay.]sbs<br>heroicmint.]sbs<br>monstourtu.]sbs</p><p>Payload hosting URL (404):<br>hxxps://github.]com/Vlad-A41323/PowerSheell/raw/refs/heads/main/Seven_NSKJY_x91.2.zip</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@rmceoin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rmceoin</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@threatcat_ch" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>threatcat_ch</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@cyberamateur" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cyberamateur</span></a></span></p>
Not Simon<p><strong>Proofpoint</strong> identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading to the download of Vidar, StealC and Lumma information stealers. IOC provided. 🔗 <a href="https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">proofpoint.com/us/blog/threat-</span><span class="invisible">insight/threat-actors-deliver-malware-youtube-video-game-cracks</span></a></p><p><a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOC</span></a> <a href="https://infosec.exchange/tags/YouTube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YouTube</span></a> <a href="https://infosec.exchange/tags/Vidar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vidar</span></a> <a href="https://infosec.exchange/tags/StealC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StealC</span></a> <a href="https://infosec.exchange/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infostealer</span></a></p>
Matt Willemsen<p>Vibrator virus steals your personal information<br><a href="https://www.malwarebytes.com/blog/news/2024/02/vibrator-virus-steals-your-personal-information" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">malwarebytes.com/blog/news/202</span><span class="invisible">4/02/vibrator-virus-steals-your-personal-information</span></a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.social/tags/ToothbrushBotnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ToothbrushBotnet</span></a> <a href="https://mastodon.social/tags/vibrator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vibrator</span></a> <a href="https://mastodon.social/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a>—as—a—Service <a href="https://mastodon.social/tags/MaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MaaS</span></a> <a href="https://mastodon.social/tags/USB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USB</span></a>#charging</p>
Teddy / Domingo (🇨🇵/🇬🇧)<p><a href="https://framapiaf.org/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> Says <a href="https://framapiaf.org/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> Abusing API Is Standard Token Theft, Not an API Issue. In late November 2023, BleepingComputer reported on two information-stealing <a href="https://framapiaf.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> operations named <a href="https://framapiaf.org/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> and <a href="https://framapiaf.org/tags/Rhadamanthys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rhadamanthys</span></a>,<br><a href="https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/?&amp;web_view=true" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/?&amp;web_view=true</span></a></p>
Teddy / Domingo (🇨🇵/🇬🇧)<p>A new <a href="https://framapiaf.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> loader is being used by threat actors to deliver a wide range of information stealers such as <a href="https://framapiaf.org/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> Stealer (aka LummaC2), <a href="https://framapiaf.org/tags/Vidar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vidar</span></a>, <a href="https://framapiaf.org/tags/RecordBreaker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RecordBreaker</span></a> (aka <a href="https://framapiaf.org/tags/Raccoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Raccoon</span></a> Stealer V2), and <a href="https://framapiaf.org/tags/Rescoms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rescoms</span></a>.<br><a href="https://framapiaf.org/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi.<br><a href="https://thehackernews.com/2023/12/new-rugmi-malware-loader-surges-with.html?&amp;web_view=true" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2023/12/new-</span><span class="invisible">rugmi-malware-loader-surges-with.html?&amp;web_view=true</span></a><br><a href="https://framapiaf.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://framapiaf.org/tags/trojans" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trojans</span></a> <a href="https://framapiaf.org/tags/rugmi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rugmi</span></a></p>
crep1x<p>After several days of inactivity, <a href="https://infosec.exchange/tags/ClearFake" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClearFake</span></a> operator resumed updating its delivery infrastructure on 22 Nov.</p><p>The "fake updates" threat is currently delivering <a href="https://infosec.exchange/tags/Lumma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lumma</span></a> stealer using a downloader that then downloads <a href="https://infosec.exchange/tags/Amadey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Amadey</span></a> (loading <a href="https://infosec.exchange/tags/SectopRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SectopRAT</span></a>) and other unidentified payloads.</p><p>Last two days' ClearFake infrastructure:</p><p>midatlanticlabel.]com<br>thebestthings1337.]online<br>theoptimistfirst.]site<br>howmuchtimeuneed.]online<br>dfjoiners.]com<br>excellentpatterns.]com</p><p>109.248.206.]51<br>109.248.206.]106<br>109.248.206.]160</p><p>Current ClearFake infection chain:</p><p>hxxps://excellentpatterns.]com/fEOV2v/<br>hxxps://excellentpatterns.]com/a3A7qLVn<br>hxxps://excellentpatterns.]com/lander/hyk7789hgd/_cf.php<br>hxxps://excellentpatterns.]com/?_lp=1&amp;_token=(...)</p><p>Payload still hosted on Dropbox<br><a href="https://tria.ge/231124-j8b17shh91/behavioral2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tria.ge/231124-j8b17shh91/beha</span><span class="invisible">vioral2</span></a></p><p>Downloader C2:<br>2subsmepjzqnvvukhd.]fun</p><p>Lumma C2:<br>defrosscrappeo.]pw</p><p>Amadey C2:<br>185.172.128.]100</p><p>Server hosting payloads:<br>185.172.128.]160</p><p>Congrats to <span class="h-card" translate="no"><a href="https://infosec.exchange/@monitorsg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monitorsg</span></a></span> for monitoring "fake updates" infection chains and sharing them!</p>
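<p>Both crep1x posts above (the ClickFix variant and the "fake updates" chain) publish their C2 and hosting indicators in defanged form (<code>.]</code> and <code>hxxps://</code>). The following Python is an added example, not code from crep1x or from any project on this page: it normalises a pasted block of such indicators into a host set and then matches that set against resolver log lines, which is the usual first defensive use of a post like this. The indicator lines in <code>SAMPLE_POST</code> are quoted from the two posts; the DNS log lines and their three-column format are constructed for the example and are not from any real system.</p>

```python
"""Turn defanged threat-intel indicators into a matchable host set and run
them over DNS log lines. Added example; not code from the posts' authors."""
import ipaddress
import re

# Indicators quoted from the crep1x posts above, in the forms they used.
SAMPLE_POST = """
Sends fingerprint data to 176.59.196.]133/ip.php
Lumma C2:
requireow.]biz
snailyeductyi.]sbs
hxxps://excellentpatterns.]com/lander/hyk7789hgd/_cf.php
Amadey C2:
185.172.128.]100
"""

# Constructed resolver log (hypothetical format: timestamp client qname).
SAMPLE_DNS_LOG = """
2025-05-22T10:01:02Z 10.0.0.15 login.microsoftonline.com
2025-05-22T10:01:09Z 10.0.0.15 requireow.biz
2025-05-22T10:02:30Z 10.0.0.22 excellentpatterns.com.
2025-05-22T10:03:11Z 10.0.0.22 github.com
"""


def refang(token: str) -> str:
    """Undo common defanging: '[.]', '.]', '[.' -> '.', and hxxp(s) -> http(s)."""
    t = token.replace("[.]", ".").replace(".]", ".").replace("[.", ".")
    t = re.sub(r"^hxxp(s?)://", r"http\1://", t, flags=re.IGNORECASE)
    return t.rstrip(".,;")


def defang(value: str) -> str:
    """Inverse of refang, for re-sharing indicators without live links."""
    return re.sub(r"^http", "hxxp", value.replace(".", "[.]"), flags=re.IGNORECASE)


def is_defanged(token: str) -> bool:
    return "[.]" in token or ".]" in token or token.lower().startswith("hxxp")


def parse_indicator(token: str) -> dict:
    """Refang one token and classify it as url, ip or domain, keeping its host."""
    value = refang(token)
    if re.match(r"^https?://", value, re.IGNORECASE):
        kind = "url"
        host = re.sub(r"^https?://", "", value, flags=re.IGNORECASE).split("/")[0]
    else:
        host = value.split("/")[0]
        try:
            ipaddress.ip_address(host)
            kind = "ip"
        except ValueError:
            kind = "domain"
    return {"type": kind, "indicator": value, "host": host.lower()}


def extract_indicators(text: str) -> list:
    """Pick out only the defanged tokens; plain prose words are ignored."""
    return [parse_indicator(tok) for tok in text.split() if is_defanged(tok)]


def match_dns_log(log_text: str, indicators: list) -> list:
    """Return (timestamp, client, qname) for queries whose name is a known host.
    Trailing dots on qnames are stripped so FQDN-style logging still matches."""
    hosts = {i["host"] for i in indicators}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, qname = parts
        if qname.lower().rstrip(".") in hosts:
            hits.append((ts, client, qname))
    return hits


if __name__ == "__main__":
    iocs = extract_indicators(SAMPLE_POST)
    for ioc in iocs:
        print(ioc["type"], ioc["host"], "->", defang(ioc["indicator"]))
    for hit in match_dns_log(SAMPLE_DNS_LOG, iocs):
        print("HIT", *hit)
```

<p>The matcher keys on the host only, so a URL indicator such as the <code>/lander/</code> path still catches any query for <code>excellentpatterns.com</code>; if you need path-level matching, feed proxy logs and compare the full <code>indicator</code> field instead.</p>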