Threatsday Bulletin: $176m Crypto Fine, Hacking Formula 1, Chr...

Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target.

This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked misconfigurations to sophisticated new attack chains that turn ordinary tools into powerful entry points.

The activity of the Lumma Stealer (aka Water Kurita) information stealer has witnessed a "sudden drop" since last month, after the identities of five alleged core group members were exposed as part of what's said to be an aggressive underground exposure campaign dubbed Lumma Rats, active since late August 2025. The targeted individuals are affiliated with the malware's development and administration, and their personally identifiable information (PII), financial records, passwords, and social media profiles were leaked on a dedicated website. Since then, Lumma Stealer's Telegram accounts were reportedly compromised on September 17, further hampering the operators' ability to communicate with customers and coordinate operations. These actions have led customers to pivot to other stealers such as Vidar and StealC. It's believed the doxxing campaign is driven by internal rivalries.

"The exposure campaign was accompanied by threats, accusations of betrayal within the cybercriminal community, and claims that the Lumma Stealer team had prioritized profit over the operational security of their clients," Trend Micro said. "The campaign's consistency and depth suggest insider knowledge or access to compromised accounts and databases."

While Lumma Stealer faced a setback earlier this year after its infrastructure was taken down in a coordinated law enforcement effort, it quickly resurfaced and resumed its operations. Viewed in that light, the latest development could threaten its commercial viability and hurt customer trust.

The development coincides with the emergence of Vidar Stealer 2.0, which has been completely rewritten from scratch in C and now supports a multi-threaded architecture for faster, more efficient data exfiltration and improved evasion capabilities. It also incorporates advanced credential extraction methods to bypass Google Chrome's app-bound encryption protections by means of memory injection techniques, and boasts an automatic polymorphic builder to generate samples with distinct binary signatures,

Source: The Hacker News