LummaStealer Is Getting a Second Life Alongside CastleLoader
ID: b9f2d23d-e8dd-5f12-9c8e-585feb06185e
STIX ID: report--b9f2d23d-e8dd-5f12-9c8e-585feb06185e
Feed Name: Bitdefender Labs
**Executive summary:** Bitdefender researchers report a resurgence of the LummaStealer infostealer distributed at scale via CastleLoader and social-engineering lures (fake cracked software, torrents, and ClickFix fake-CAPTCHA pages); the analysis details loader internals (AutoIt variants, in-memory execution, XOR/LZNT1 payload decoding), persistence mechanisms, an anomalous DNS lookup artifact useful for detection, geographic spread, extensive IoCs, and practical user/organizational mitigations.
