LummaStealer Returns, Teams with CastleLoader Dropper for Stealthy Access
Bitdefender’s threat‑research team has confirmed that the long‑dormant LummaStealer infostealer has resurfaced, now piggybacking on the CastleLoader dropper to gain an initial foothold on victim machines. The combined chain is delivered through highly engineered social‑engineering lures that mimic legitimate user actions—such as software updates, document sharing, or routine IT requests—making it difficult for conventional signature‑based tools and basic heuristic filters to spot the malicious payloads.
The renewed LummaStealer‑CastleLoader duo steals credentials, browser data, and system information while remaining under the radar, increasing the risk of credential stuffing, lateral movement, and data exfiltration campaigns. Defenders should update detection rules, monitor for anomalous CastleLoader execution patterns, and reinforce user awareness training to counter these deceptive entry vectors before the threat actors can establish persistence.
Categories: Malware & Ransomware, Threat Intelligence