
How Cynet Blocked the Latest Lumma Stealer Campaign


Cynet’s Orion Threat Research Team has tracked a large-scale campaign to distribute the Lumma Stealer malware through fake CAPTCHA pages. After monitoring smaller-scale Lumma Stealer circulation for months, Orion observed a significant surge in attempted attacks over the holidays.

Lumma Stealer is an infostealer designed to breach systems and exfiltrate valuable data such as logins, financial records or crypto wallet credentials. It can be licensed for use through malware-as-a-service models in cybercriminal forums.

In this recently observed campaign, Lumma Stealer was delivered through malicious ads, a tactic known as “malvertising.” The malicious ads direct users to a fake CAPTCHA page that asks them to verify they are human. Clicking through the fake CAPTCHA verification process initiates the download of Lumma Stealer. Execution details were reported in a BleepingComputer article.

Source: BleepingComputer

Cynet partners and customers are fully protected.

The All-in-One Cybersecurity Platform successfully blocked thousands of Lumma Stealer infection attempts targeting dozens of customers since the campaign launched.

By detecting and preventing Lumma Stealer in the initial stages of each attempted attack, Cynet effectively safeguarded customers’ sensitive information while ensuring their environments remain secure against further compromise.

These results reflect Cynet’s commitment to complete protection for partners and customers, empowering their teams to focus on their 2025 business goals with confidence. Successful protection against Lumma Stealer also highlights the importance of proactive security capabilities, combined with a Zero Trust approach and actionable cyber threat intelligence.

Cynet is proud to have provided these protections for customers and partners before the Lumma Stealer campaign began. The outcomes exemplify how the All-in-One Cybersecurity Platform, which recently achieved 100% Visibility and 100% Detection in the 2024 MITRE ATT&CK Evaluation, makes it easy for MSP and SME cybersecurity teams to stay a step ahead of emerging threats.
