Lumma Stealer Operations Disrupted by Doxxing Campaign
Summary
Lumma Stealer, also known as Water Kurita, has experienced a significant drop in activity since August 2025 due to a doxxing campaign. The campaign exposed the identities of five core group members, including their PII, financial records, and social media profiles. This disruption has led to a loss of customer trust and a shift to other stealers like Vidar and StealC. The doxxing campaign, named Lumma Rats, is believed to be driven by internal rivalries within the cybercriminal community. The campaign included threats and accusations of betrayal, suggesting insider knowledge or access to compromised accounts and databases. The disruption coincides with the emergence of Vidar Stealer 2.0, which features advanced capabilities and improved evasion techniques.
Timeline
- 23.10.2025 14:30 · 1 article
Lumma Stealer Operations Disrupted by Doxxing Campaign
Since August 2025, Lumma Stealer has experienced a significant drop in activity due to a doxxing campaign that exposed the identities of five core group members. The campaign, named Lumma Rats, included the leakage of PII, financial records, and social media profiles. This disruption has led to a loss of customer trust and a shift to other stealers like Vidar and StealC. The doxxing campaign is believed to be driven by internal rivalries within the cybercriminal community, with threats and accusations of betrayal suggesting insider knowledge or access to compromised accounts and databases. The campaign coincides with the emergence of Vidar Stealer 2.0, which features advanced capabilities and improved evasion techniques.
Sources:
- ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More — thehackernews.com — 23.10.2025 14:30
Information Snippets
- Lumma Stealer's activity has decreased since August 2025 due to a doxxing campaign.
First reported: 23.10.2025 14:30 · 1 source, 1 article
Sources:
- ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More — thehackernews.com — 23.10.2025 14:30
- Five core members of Lumma Stealer were doxxed, including their PII, financial records, and social media profiles.
First reported: 23.10.2025 14:30 · 1 source, 1 article
Sources:
- ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More — thehackernews.com — 23.10.2025 14:30
- The doxxing campaign is believed to be driven by internal rivalries within the cybercriminal community.
First reported: 23.10.2025 14:30 · 1 source, 1 article
Sources:
- ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More — thehackernews.com — 23.10.2025 14:30
- Lumma Stealer's Telegram accounts were compromised on September 17, 2025.
First reported: 23.10.2025 14:30 · 1 source, 1 article
Sources:
- ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More — thehackernews.com — 23.10.2025 14:30
- Customers have shifted to other stealers like Vidar and StealC due to the disruption.
First reported: 23.10.2025 14:30 · 1 source, 1 article
Sources:
- ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More — thehackernews.com — 23.10.2025 14:30
- Vidar Stealer 2.0 has emerged with advanced capabilities and improved evasion techniques.
First reported: 23.10.2025 14:30 · 1 source, 1 article
Sources:
- ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More — thehackernews.com — 23.10.2025 14:30