Lumma InfoStealer Malware Identified as a Threat to Educational Institutions

🔴 Cybercriminals Are Targeting the Education Sector!

As cybersecurity challenges continue to grow in complexity, a new threat has emerged: Lumma InfoStealer, malicious software (malware) aimed at educational institutions. This malware spreads through malicious files disguised as legitimate PDF documents and is intended to steal confidential user data.

Key Features of Lumma InfoStealer

Spreads via LNK files – The malware uses malicious shortcut (LNK) files that appear to be genuine PDF documents.

Multi-stage infection process – Once the file is opened, a special PowerShell command is executed, downloading and launching the malicious code.

AES encryption for stealth operations – The PowerShell script is encrypted, making it harder to detect and prevent.

How Does the Attack Work?

1️⃣ The user downloads a malicious LNK file, which is disguised as an academic or technical document.

2️⃣ When executed, the PowerShell command connects to a remote server.

3️⃣ The server downloads and runs the Lumma InfoStealer malware.

4️⃣ The malware scans the system for sensitive data, such as passwords, cryptocurrency wallets, and confidential files.

5️⃣ Stolen data is encrypted and transmitted to the attackers.

How Does Lumma InfoStealer Operate?

🔸 Malware-as-a-Service (MaaS) Model – The malware is developed as a commercial cybercrime tool, written in C, offering cybercriminals ready-made hacking capabilities.

🔸 Code Obfuscation – The malicious code is initially hidden using JavaScript and PowerShell, making it difficult for antivirus software to detect.

🔸 Encrypted Data Transmission – All stolen data is AES-encrypted in transit, so intercepted traffic cannot be read without the key.

🔸 Unconventional C2 Communication Methods – If primary command-and-control (C2) servers are blocked, Lumma Stealer can use Steam profiles for data transmission.

Why Is This a Threat to Educational Institutions?

Theft of Scientific and Financial Data – Research findings and financial reports could fall into the wrong hands.

Compromise of Student and Faculty Information – Browser passwords, personal documents, and emails may be stolen.

System Disruption – Infected computers may become non-functional or be used for further cyberattacks.

How to Protect Against Lumma InfoStealer?

Strengthening Cybersecurity

  • Always verify file authenticity before opening.
  • Enable antivirus software and Endpoint Detection & Response (EDR) systems.
  • Be cautious of .lnk files, as they may be disguised as documents.

Managing PowerShell Scripts and LNK Files

  • Configure PowerShell to allow only trusted scripts.
  • Deploy security solutions that automatically scan LNK files.
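The two points above (treat .lnk files with caution, scan them automatically) can be turned into a concrete triage check. The script below is an added example written for this page, not a tool from the original post or from any vendor it mentions: it parses the Windows Shell Link (.lnk) format directly, extracts the target path and command-line arguments, decodes a PowerShell `-EncodedCommand` argument for the analyst, and flags the combination the post describes (document-style double extension, script-host target, hidden or encoded PowerShell arguments). The two shortcut files it inspects are constructed in the script itself; the encoded command in the "suspicious" sample is a harmless `Write-Output`, and the file names, paths and heuristics are assumptions for illustration.

```python
"""Triage .lnk files for shortcuts posing as documents that launch PowerShell.

Added example (not from the original post). Builds two constructed .lnk files in
memory, parses them with a minimal MS-SHLLINK reader, and reports why each one is
or is not suspicious.
"""
import base64
import re
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# LinkFlags bits from the Shell Link header (offset 0x14)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
# StringData fields appear in this fixed order when their flag is set
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location")]

SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript")
SUSPICIOUS_ARGS = re.compile(
    r"-(?:e|en|enc|encodedcommand)\b|-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b|"
    r"-e(?:xecutionpolicy|p)\s+bypass|downloadstring|invoke-webrequest|\biwr\b|"
    r"\biex\b|invoke-expression", re.IGNORECASE)


def parse_lnk(data: bytes) -> Dict[str, str]:
    """Return the StringData fields (name, relative_path, arguments, ...) of a .lnk."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link file (bad HeaderSize)")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C                                   # fixed header is 76 bytes
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize covers the whole block
        pos += struct.unpack_from("<I", data, pos)[0]
    fields: Dict[str, str] = {}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # character count, no NUL
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        pos += width * count
        fields[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def decode_encoded_command(arguments: str) -> Optional[str]:
    """PowerShell -EncodedCommand is base64 over UTF-16LE; decode it for the analyst."""
    m = re.search(r"-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", arguments, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


@dataclass
class Finding:
    filename: str
    suspicious: bool = False
    reasons: List[str] = field(default_factory=list)
    decoded_command: Optional[str] = None


def triage_lnk(filename: str, data: bytes) -> Finding:
    fields = parse_lnk(data)
    f = Finding(filename)
    target = (fields.get("relative_path", "") + " " + fields.get("working_dir", "")).lower()
    args = fields.get("arguments", "")
    # Explorer hides the trailing ".lnk", so "report.pdf.lnk" displays as "report.pdf"
    double_ext = re.search(r"\.(pdf|docx?|xlsx?|pptx?)\.lnk$", filename.lower()) is not None
    script_host = any(h in target for h in SCRIPT_HOSTS)
    bad_args = SUSPICIOUS_ARGS.search(args) is not None
    f.decoded_command = decode_encoded_command(args)
    if double_ext:
        f.reasons.append("document-style double extension")
    if script_host:
        f.reasons.append("target is a script host: " + fields.get("relative_path", ""))
    if bad_args:
        f.reasons.append("hidden/encoded/download arguments: " + args[:60])
    if f.decoded_command:
        f.reasons.append("decoded -EncodedCommand: " + f.decoded_command)
    f.suspicious = script_host and (bad_args or double_ext or f.decoded_command is not None)
    return f


def build_lnk(relative_path: str, arguments: str = "", icon_location: str = "") -> bytes:
    """Construct a minimal Unicode Shell Link for testing (not a real-world sample)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0) \
        | (HAS_ICON_LOCATION if icon_location else 0)
    clsid = bytes.fromhex("0114020000000000c000000000000046")   # 00021401-...-46 on disk
    header = struct.pack("<I", 0x4C) + clsid + struct.pack("<I", flags) + bytes(0x4C - 24)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments, icon_location) if s)
    return header + body


# Constructed samples: the encoded payload is a harmless Write-Output placeholder
PLACEHOLDER_PS = "Write-Output 'constructed placeholder'"
ENCODED = base64.b64encode(PLACEHOLDER_PS.encode("utf-16-le")).decode()
SAMPLES = {
    "Syllabus_2025.pdf.lnk": build_lnk(
        r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        f"-NoProfile -WindowStyle Hidden -EncodedCommand {ENCODED}",
        r"%SystemRoot%\System32\shell32.dll"),        # generic icon hides the real target
    "Notes.lnk": build_lnk(r"..\..\Windows\System32\notepad.exe"),
}


def triage_all(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Finding]:
    return {name: triage_lnk(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, finding in triage_all().items():
        print(f"{name}: {'SUSPICIOUS' if finding.suspicious else 'ok'}")
        for reason in finding.reasons:
            print("   -", reason)
```

To run it over a real directory, replace `SAMPLES` with `{p.name: p.read_bytes() for p in Path(folder).glob("*.lnk")}`. A shortcut pointing at PowerShell is not malicious by itself, which is why the verdict requires the script-host target to be combined with hidden or encoded arguments or a document-style double extension; the decoded command is reported so the analyst can read what the shortcut would have run without executing it.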

Regular Updates and Monitoring

  • Keep your operating system and security patches up to date.
  • Use SIEM and IDS/IPS tools to detect suspicious network activity.

Lumma InfoStealer poses a serious cybersecurity threat to educational institutions. It is capable of stealing sensitive data, disrupting systems, and compromising universities and research centers.

📢 What Should Be Done?

🛡 Educational institutions must act immediately to strengthen cybersecurity, raise user awareness, and implement effective security measures.

Do not ignore cyber threats! Regularly update software, verify downloaded files, and continuously monitor network security!
