New York, December 6, 2024 – Lumma Stealer and Amadey Bot exploit manufacturing systems via spear-phishing and LOLBins, enabling data theft and persistent control over factories.
In a shocking turn of events, the manufacturing industry finds itself under siege by cybercriminals deploying Lumma Stealer and Amadey Bot.
A sophisticated multi-stage cyberattack uncovered by Cyble Research and Intelligence Labs (CRIL) has targeted factory systems, exploiting legitimate tools like PowerShell and Living-off-the-Land Binaries (LOLBins) to bypass traditional security defenses.
The attack begins with spear-phishing emails containing LNK files disguised as documents, tricking victims into triggering a chain of malicious commands.
Once executed, these commands use tools like ssh.exe and mshta.exe to inject Lumma Stealer and Amadey Bot payloads into system memory, enabling the theft of sensitive data and long-term system control.
CRIL highlighted the severity of the attack, stating:
The threat actors leveraged legitimate system processes to evade detection. The Lumma Stealer’s ability to exfiltrate login credentials is alarming. The use of LOLBins is a clear sign of escalating sophistication in cyberattacks.
The attackers used DLL sideloading to load encrypted payloads, leaving no malicious files on disk, making detection nearly impossible. The Amadey Bot ensures persistence through scheduled tasks, allowing attackers to retain access even after removal attempts.
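For defenders, the chain described above can be hunted in process-creation telemetry. The following is an added example, not code from CRIL or from the original article: it walks each process's ancestry and flags script hosts or scheduled-task creation that descend from ssh.exe started under the user's shell. The event field names, the exact parent-child ordering, and all sample records are assumptions constructed for illustration.

```python
# Added example: flags process chains in which a user shell launches ssh.exe
# and a script host or scheduled-task tool appears further down the tree.
# Event fields (pid, ppid, image) and all sample events are constructed.
from ntpath import basename

LAUNCHERS = {"explorer.exe"}                  # where a double-clicked LNK starts
PROXIES = {"ssh.exe"}                         # LOLBin named in the report
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe"}
PERSISTENCE = {"schtasks.exe"}                # scheduled-task creation

def ancestry(pid, by_pid):
    """Return image names from the process up to its oldest known ancestor."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against PID-reuse loops
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]).lower())
        pid = by_pid[pid]["ppid"]
    return chain

def find_suspicious(events):
    """Return (pid, reason, chain) for script hosts or schtasks under explorer -> ssh."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        chain = ancestry(e["pid"], by_pid)
        leaf, parents = chain[0], set(chain[1:])
        if not (PROXIES & parents and LAUNCHERS & parents):
            continue                          # no ssh.exe under a user shell above it
        if leaf in SCRIPT_HOSTS:
            hits.append((e["pid"], "script host under ssh.exe", " <- ".join(chain)))
        elif leaf in PERSISTENCE:
            hits.append((e["pid"], "scheduled task under ssh.exe", " <- ".join(chain)))
    return hits

SAMPLE_EVENTS = [  # constructed process-creation records
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Windows\System32\OpenSSH\ssh.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 230, "ppid": 220, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 240, "ppid": 230, "image": r"C:\Windows\System32\schtasks.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 50, "image": r"C:\Windows\System32\OpenSSH\ssh.exe"},
    {"pid": 410, "ppid": 400, "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for pid, reason, chain in find_suspicious(SAMPLE_EVENTS):
        print(pid, reason, chain)
```

PowerShell started directly from the shell (pid 300) and ssh.exe started by a service (pid 400) are not flagged; only the combination of a user shell, ssh.exe, and a downstream script host or schtasks.exe is.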