The National Cybersecurity Authority (AKSK) has published a detailed technical analysis of the malicious file Lumma Stealer, an infostealer tool that is being widely used to collect sensitive data from compromised devices.
Lumma Stealer is distributed through illegal online forums as part of the Malware-as-a-Service (MaaS) model and is designed to steal information such as browser credentials, password manager data, cryptocurrency wallets, as well as profiles from popular applications like Telegram and Discord.
The report’s findings highlight the use of advanced evasion techniques, including:
- the use of AutoIT scripts to hide and execute shellcode
- code injection into legitimate system processes such as chrome.exe
- transmission of stolen information via an encrypted Telegram channel
The analysis also includes:
- indicators of compromise (IoCs) to help identify and block the threat
- descriptions of encoded functions that hinder detection and analysis
- concrete recommendations for entities managing critical systems and data
AKSK continues to strengthen its capabilities in identifying and analyzing cyber threats, making technical resources and guidance available to the professional community and public institutions, in support of enhancing digital resilience.
The full technical analysis is available on the official AKSK website at the following link: https://aksk.gov.al/en/technical-analysis-of-the-malicious-file-lumma-stealer/