Lumma Stealer Developers Doxxed – Against Invaders – Notícias de CyberSecurity para humanos.

Lumma Stealer operations have been unravelling and a recent doxxing campaign targeted individuals allegedly affiliated with malware development and administration.

Sensitive details of these core members have been leaked following the doxxing campaign. The attack is suspected to have been carried out by cybercrime competitors, according to a Trend Micro report.

Lumma Stealer is one of the most notorious infostealers and first appeared in the wild in 2022. Its position at the top “made it a prime target” for takedown operations and underground exposure campaigns, noted Trend Micro’s analysis.

In September, the security firm noted a decline in new command and control (C2) infrastructure activity associated with Lumma Stealer and a reduction in the number of endpoints targeted.

Trend Micro said this aligns with a targeted underground exposure campaign that has put the spotlight on five individuals allegedly linked to the Lumma Stealer operation.

The roles of those identified ranged from operational oversight to more technical work associated with crypter development for malware obfuscation. Their information was shared on a website called Lumma Rats.

The information shared included passport numbers, bank account information, email addresses and links to various online profiles.

“The exposure campaign was accompanied by threats, accusations of betrayal within the cybercriminal community, and claims that the Lumma Stealer team had prioritized profit over the operational security of their clients. The campaign’s consistency and depth suggest insider knowledge or access to compromised accounts and databases,” the Trend Micro analysis said.

It is noted that this information has not been independently verified.

The doxxing took place between last August and October 2025.

Lumma Stealer distribution has been fueled by the use of Telegram. As part of the supposed doxxing, a representative of the group posted on an underground forum that their Telegram accounts had been stolen.

The Telegram accounts were reportedly compromised on September 17, further disrupting their ability to communicate with customers and coordinate operations.

While Lumma Stealer faces significant disruption, its users are now discussing alternative information stealer solutions on forums and Telegram channels.

Trend Micro noted Vidar and StealC have emerged as the primary replacement options, with many users reporting migrations to these platforms due to Lumma Stealer’s instability and loss of support.

Shifts in pay-per-install (PPI) services such as Amadey have also emerged. PPIs have been widely used to deliver infostealer payloads, and with the recent drop in Lumma activity, Amadey has also experienced reduced demand.

In May 2024, Microsoft and law enforcement partners disrupted the infrastructure behind Lumma Stealer by blocking over 2000 domains. The operation also identified 394,000 infested Windows computers and seized the Lumma control panel.

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).
