eSentire’s Threat Response Unit (TRU) detected fake browser update prompts delivering BitRAT and Lumma Stealer, a campaign that abuses users’ trust in routine browser update mechanisms [1].
The attack chain begins with a compromised webpage that redirects the visitor to a fake update page, from which a ZIP archive containing malicious PowerShell scripts and JavaScript files is downloaded.
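One defensive check that follows directly from the chain described above: a genuine browser update never arrives as a ZIP archive of PowerShell and JavaScript files, so a download gateway or endpoint agent can flag such archives before anything inside them runs. The following is an added example and not eSentire’s or TRU’s code; the script-extension watch-list, the function names and the sample archive (built inline from harmless placeholder text) are all assumptions made for illustration.

```python
"""Flag downloaded ZIP "updates" that carry script payloads (added example)."""
import io
import zipfile
from pathlib import PurePosixPath

# Script and shortcut types that a legitimate browser update would not ship
# inside a ZIP archive. Assumed watch-list, not taken from the report.
SCRIPT_EXTENSIONS = {
    ".ps1", ".js", ".jse", ".vbs", ".vbe", ".wsf",
    ".bat", ".cmd", ".hta", ".lnk",
}


def suspicious_entries(zip_bytes: bytes) -> list[str]:
    """Return archive member names whose final extension is a script/shortcut type.

    Only the last suffix is examined because that is what decides how Windows
    launches the file, so double extensions such as 'Update.pdf.js' are caught.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffix = PurePosixPath(info.filename).suffix.lower()
            if suffix in SCRIPT_EXTENSIONS:
                hits.append(info.filename)
    return hits


def classify_download(zip_bytes: bytes) -> str:
    """Simple policy: block any archive that contains a script payload."""
    return "block" if suspicious_entries(zip_bytes) else "allow"


def build_sample_zip() -> bytes:
    """Constructed sample mimicking a fake-update archive: a JavaScript
    launcher, a PowerShell script and a decoy text file. The contents are
    placeholder comments, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Browser-Update/Update.pdf.js", "// constructed placeholder\n")
        zf.writestr("Browser-Update/install.ps1", "# constructed placeholder\n")
        zf.writestr("Browser-Update/README.txt", "decoy\n")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed control archive with no script content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/summary.txt", "nothing to see\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("fake update", build_sample_zip()), ("benign", build_benign_zip())):
        print(label, classify_download(data), suspicious_entries(data))
```

In practice the same check would run over archives landing in a user’s Downloads folder or passing a web proxy, with the flagged member names forwarded to the SOC as the alert detail; the policy here is deliberately blunt (any script member blocks the archive) and would be tuned per environment.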
BitRAT provides extensive remote access capabilities, while Lumma Stealer targets sensitive data; both use advanced techniques for evasion and persistence.
eSentire’s 24/7 SOC Cyber Analysts provide vigilant threat hunting and response, ensuring client security and resilience against such sophisticated cyber threats.