Does Carbon Black Cloud detect Lumma Stealer activity?
Article ID: 398950
Updated On:
Products
Carbon Black Cloud Endpoint Standard
Carbon Black Cloud Audit and Remediation
Carbon Black Cloud Container
Carbon Black Cloud Enterprise EDR
Carbon Black Cloud Managed Detection and Response
Carbon Black Cloud Workload
Carbon Black Cloud Prevention
Issue/Introduction
Lumma Stealer activity was alerted by another 3rd party AV tool, but the activity was not alerted by Carbon Black Cloud.
Environment
- Carbon Black Cloud Console: Current Version
- Lumma Stealer malware
Resolution
Associated malicious indicators are blocked and detected by existing policies within Carbon Black products. The recommended policy at a minimum is to block all types of malware from executing (Known, Suspect, and PUP) as well as delay execution for cloud scan to get maximum benefit from Carbon Black Cloud reputation service.
Additional Information
Broadcom Carbon Black has documented the Lumma Stealer in the following Security Blog posts that contain details about how customers can create detections:
- https://blogs.vmware.com/security/2023/10/an-ilummanation-on-lummastealer.html
- https://www.broadcom.com/support/security-center/protection-bulletin/new-lumma-stealer-campaign-using-fake-captchas
- https://www.broadcom.com/support/security-center/protection-bulletin/lumma-stealer-malware-campaign-targets-educational-institutions-using-malicious-lnk-files
Feedback
Yes
No
Powered by
