Skip to main content

Home LummaStealer


Also known as: LummaC2

Category: Malware

Type: Information stealer

Platform: Windows


Damage potential: Stolen credentials, unauthorized access to accounts, financial loss, identity theft


LummaStealer is an information stealer that operates on a MaaS (malware-as-a-service) model. It can extract a wide range of sensitive data, including login credentials, cookies, browser histories, and credit card or cryptocurrency wallet details.

LummaStealer emerged in 2022 and has been actively updated ever since. The latest versions of the malware can use trigonometry to calculate mouse movements of humans to evade detection and automated analysis, which makes it difficult for cybersecurity experts to study the behavior of the malware and develop effective solutions.

Possible symptoms

Over time, LummaStealer developed sophisticated evasion techniques, so the most obvious signs of infection are unauthorized access to your accounts or suspicious transactions. More implicit signs of LummaStelaer malware are often related to system behavior:

  • Sluggish system performance or frequent crashes
  • Increased network activity
  • Changes in browser behavior, such as new browser extensions, unexpected changes in browser settings, or pop-ups showing more often than usual
  • Unfamiliar files appearing on system folders

Sources of the infection

Like most other malware, LummaStealer often gets onto a device through phishing emails with malicious links or attachments. In other cases, LummaStealer can be disguised as a software or browser update and infect the device of an unsuspecting user.


Always browse with caution and keep your software updated to protect yourself from LummaStealer.

  • Do not click on suspicious links or open attachments from unfamiliar senders.
  • Do not download software from unofficial sources and be skeptical of software updates that come as an email or a pop-up.
  • Use NordVPN’s Threat Protection feature to block malicious websites, scan downloads for malware, and avoid pop-ups and ads.
  • Install reliable antivirus software and keep it updated.
  • Create strong and unique passwords for your online accounts.
  • Enable MFA (multi-factor authentication) to prevent attackers from accessing your accounts, even if they stole your login credentials.


If you think you might have LummaStealer on your device, you need to act quickly to limit the damage.

  • Disconnect your device from the internet to stop the malware from communicating with its control server.
  • Boot into safe mode.
  • Run a full system scan using a reputable antivirus solution.
  • Reset browser settings to the default version, especially if you suspect LummaStealer compromised your browser.
  • Change passwords for online services.

If you’re still not sure you completely removed LummaStealer from your device, consider getting help from IT professionals.