Bitdefender researchers report a resurgence of LummaStealer, a widely used information-stealing malware that was significantly disrupted by law enforcement in 2025. Its revival is attributed to its adaptability: rather than relying on technical exploits, it depends on social engineering, with users tricked into executing the malware themselves through fake software and media downloads.
A key delivery mechanism, CastleLoader, spreads LummaStealer using sophisticated obfuscation and execution techniques. Recent campaigns increasingly employ deceptive 'ClickFix' lures, which manipulate a user's interaction with a web page into executing malicious commands. The main findings are that LummaStealer has effectively rebuilt its infrastructure, continues to exploit users through social engineering, and poses severe privacy risks through extensive data theft.