How Cynet blocked the latest Lumma Stealer campaign
Cynet’s Orion Threat Research Team has tracked a large-scale campaign to distribute the Lumma Stealer malware through fake CAPTCHA pages. After monitoring smaller-scale Lumma Stealer circulation for months, Orion observed a significant surge in attempted attacks over the holidays.
Lumma Stealer is an infostealer designed to breach systems and exfiltrate valuable data such as logins, financial records or crypto wallet credentials. It can be licensed for use through malware-as-a-service models in cybercriminal forums.
In this recently observed campaign, Lumma Stealer was delivered through malicious ads, a tactic known as “malvertising.” The malicious ads direct users to a fake CAPTCHA page that asks them to verify they are human. Clicking through the fake CAPTCHA verification process initiates the download of Lumma Stealer. Execution details were reported in a BleepingComputer article.
Cynet partners and customers are fully protected.
The All-in-One Cybersecurity Platform successfully blocked thousands of Lumma Stealer infection attempts targeting dozens of customers since the campaign launched.
By detecting and preventing Lumma Stealer in the initial stages of each attempted attack, Cynet effectively safeguarded customers’ sensitive information while ensuring their environments remain secure against further compromise.
These results reflect Cynet’s commitment to complete protection for partners and customers, empowering their teams to focus on their 2025 business goals with confidence. Successful protection against Lumma Stealer also highlights the importance of proactive security capabilities, combined with a Zero Trust approach and actionable cyber threat intelligence.
Cynet is proud to have provided these protections for customers and partners before the Lumma Stealer campaign began. The outcomes exemplify how the All-in-One Cybersecurity Platform, which recently achieved 100% Visibility and 100% Detection in the 2024 MITRE ATT&CK Evaluation, makes it easy for MSP and SME cybersecurity teams to stay a step ahead of emerging threats.