It all began with an alert from CrowdStrike’s Falcon platform, which flagged and blocked a potentially malicious .zip file that had been downloaded by an unsuspecting user.
A quick investigation by our Security Operations Center (SOC) revealed a concerning chain of events, and the case was escalated for further action.
Our team’s analysis indicated that the user had visited a questionable streaming site, lured by the promise of live sports in crystal-clear 4K resolution. But instead of game highlights, what awaited was a payload of malicious code.
A dangerous discovery
Unknowingly, the user had downloaded a text file that turned out to be a Powershell script, which was executed and initiated the download of a particularly notorious malware: Lumma.
Lumma, a well-known “Malware-as-a-Service” product, enables criminals to steal authentication data – for a monthly fee, of course. Once installed, it operates by stealing authentication details – including 2FA credentials – from local systems and web browsers. Even more worryingly, Lumma can act as a backdoor, potentially providing a Command and Control (C2) point for attackers to further infiltrate the network.
Securing the network and analyzing the threat
Our team moved quickly to contain the affected machine, isolating it from the network to halt any potential spread. The malicious script was retrieved and analyzed, showing that it repeatedly queried a specific URL for updated payloads to download and execute. We gathered the data and shared it with CrowdStrike, ensuring both immediate containment and long-term insights into emerging threats.
After a thorough review, our team determined that the network was secure from further attacks. The compromised machine remained isolated until we had fully resolved the incident and notified the client with the reassuring news that their system was no longer at risk.
Whether the user ever managed to access that elusive sports content remains a mystery. But one thing’s for certain: when it comes to online streaming, it pays to be cautious. In the end, all that glitters isn’t 4K – sometimes, it’s something far more sinister.