Links
Lumma Stealer, malware that once infected 395,000 Windows computers, has reemerged after law enforcement disrupted its operations. Using deceptive tactics such as fake CAPTCHAs, it tricks users into installing the malware themselves. Its infrastructure has been rebuilt quickly, posing a renewed threat worldwide.
Datadog reports an ongoing campaign using fake GitHub repositories to trick users into installing infostealers via the ClickFix technique. The threat actor targets established software brands and has introduced a new variant called SHub Stealer v2.0, which includes advanced features like persistence and remote access.
A malware campaign is using fake guides for OpenAI's Atlas browser to lure macOS users into downloading an infostealer named AMOS. Victims are tricked into executing a malicious command that harvests sensitive data and installs a backdoor for remote access. Basic cybersecurity practices can help prevent these attacks.
Over 149 million stolen usernames and passwords were discovered online, affecting platforms like TikTok, Netflix, and several financial services. The data leak, found by cybersecurity researcher Jeremiah Fowler, highlights the risks of infostealer malware and the importance of password security. It took a month to take the exposed database offline, raising concerns about the potential for automated attacks.
A new campaign exploits Google search ads to direct macOS users to malicious ChatGPT and Grok conversations. These chats contain instructions that, when executed, install the AMOS infostealer malware, compromising sensitive information. Users are advised to be cautious and avoid running unknown commands.
Recent reports of a massive credentials leak are misleading, as the exposed data comprises previously stolen credentials collected over time from infostealers and data breaches, rather than a new data breach. Users are advised to maintain good cybersecurity practices, including using unique passwords and enabling two-factor authentication to protect their accounts from potential threats.
Billions of stolen cookies are currently for sale online, with a significant percentage remaining active and exploitable, posing serious security risks to users. Cybercriminals can use these cookies to gain unauthorized access to personal accounts and sensitive data, often bypassing traditional security measures like multi-factor authentication. Experts recommend being cautious with cookie acceptance and maintaining updated security practices to mitigate these threats.
Trellix's Advanced Research Center has uncovered a previously undetected infostealer malware named Myth Stealer, written in Rust and marketed on Telegram since late December 2024. This malware specifically targets video games, raising concerns about the security of the gaming community.
Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer uses sophisticated phishing techniques and has evolved to evade detection, exfiltrating sensitive data through Telegram-based marketplaces.
A malware campaign targeting Minecraft players has been uncovered, where malicious mods and cheats are used to infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. Conducted by the Stargazers Ghost Network, the operation utilizes GitHub to distribute fake mods, reaching thousands of potential victims while evading detection by antivirus software. To protect themselves, players are advised to download mods only from reputable sources and maintain caution when using GitHub links.
A hacker known as EncryptHub has compromised the early access game Chemia on Steam by injecting info-stealing malware into its files, specifically the HijackLoader and Fickle Stealer. The malware operates in the background, allowing it to harvest sensitive data from users while remaining undetected during gameplay. Users are advised to avoid downloading the game until further notice from the developer or Steam, as it remains unclear if the current version is safe.
More than 31,000 banking passwords from Australian customers of major banks have been stolen and are being traded online, primarily due to malware infections on users' devices. Cybersecurity experts warn that these stolen credentials pose a significant risk of financial theft, as infostealer malware can capture a wide range of sensitive information. The rise in infostealer infections highlights the ongoing threat to personal security and the need for effective protective measures.
A recent incident involving the LUMMA infostealer malware highlighted a new attack method where users were directed to a fake CAPTCHA page, leading to the execution of PowerShell commands that targeted sensitive browser data from Microsoft Edge and Google Chrome. The NCC Group's DFIR team documented the timeline of events, including initial access methods and various tactics employed by the malware to steal credentials.