Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation
ID: 7e41c108-031e-5688-ba97-297595986016
STIX ID: report--7e41c108-031e-5688-ba97-297595986016
Feed Name: McAfee Labs Blog
Threat Score
This McAfee blog analyzes the Lumma Stealer malware campaign distributed through Telegram channels. It details a multi-stage .NET/VC++ dropper that decrypts and injects payloads, a .NET infostealer, and a clipper that hijacks cryptocurrency clipboard contents. It also lists IOCs (multiple archive hashes, Telegram channel links, and the C2 domain marshal-zhukov.com) alongside the observed TTPs used for persistence and data exfiltration.
