Recently, on Lumma Market (a clandestine marketplace on the dark web) an ad was posted selling a batch of stolen data. The disturbing part is that it originated from a device with a Mexican IP address (201.119.8.84). Behind this is Lumma Infostealer, a malware that's generating a lot of buzz. It operates under the Malware-as-a-Service model (like a subscription service, but from the dark side), and it's becoming increasingly prevalent in cyberattacks targeting users in Mexico.
Stolen Data: Cookies and Passwords for the Price of a Coffee
On June 10, 2025, a chilling ad appeared: for just one dollar, anyone could buy a package containing 209 passwords and 5,133 cookies stolen from highly popular services like Facebook, Instagram, Twitter, TikTok, OKX, LinkedIn, Pinterest, YouTube, and Google.
The most alarming part? Those cookies allow attackers to access accounts without needing to enter a password. It’s as if they had a direct pass to your profile. This facilitates fraud, impersonation, and unauthorized access in seconds. Among the leaked passwords were credentials for sites like Facebook and Battle.net, used by both everyday users and gamers.
While the price may seem absurdly low, it’s no coincidence. It’s part of a well-thought-out business model: selling large volumes of stolen data at very low prices to earn more through scale. It’s the “wholesale” model of cybercrime.
And be warned: sites like lumma-market.ru, where this type of content is traded, are not only illegal but can also infect you just by visiting. Accessing these pages can expose you to more viruses, further data theft, or even worse fraud. So it’s best not to go near them.
Lumma Infostealer: The Malware That Won’t Let Up
Lumma Infostealer isn’t just any malware. It operates like a subscription service, Netflix-style… but for cybercriminals. Yes, you read that right. Its Malware-as-a-Service (MaaS) model allows anyone with bad intentions to rent it and steal data from others. And the worst part: it's growing fast and Mexico is on its radar.
How Does This Malware Work?
Its operation follows a well-thought-out sequence:
- First, they trick you: You get a suspicious email that looks like it's from the CFE, Telmex, or your bank, or maybe you see a “PDF invoice” in a Telegram channel or a YouTube link to download “free software.” If you click… you’re already caught.
- Then it invades your computer: Once inside, it collects everything—passwords, cookies, access to cryptocurrency wallets, and more.
- Next, it sends everything to its servers: The data is transmitted to servers (mostly in Russia) used by criminals to manage the operation.
- Finally, they sell it: That data ends up in marketplaces like Lumma Market, where you can literally buy cookies and passwords for just a few pesos.
Mexico in Lumma’s Crosshairs
Throughout 2024 and so far in 2025, Mexico has been one of Lumma’s favorite targets. Why? Because here, they've found highly effective ways to deceive people. Some of their most common tactics include:
- Highly convincing phishing: Emails that appear to come from well-known Mexican services to gain trust and trick victims.
- Attacks on the education sector: They’ve infiltrated the websites of legitimate institutions to distribute malware through seemingly “safe” platforms.
- Crypto obsession: As more people in Mexico use cryptocurrencies, attackers are targeting platforms like OKX.
- Highly refined techniques: They employ fake pages with reCAPTCHA (yes, like the ones that ask you to confirm you’re not a robot), hosted on cloud services that look legitimate. This way, many antivirus programs don’t detect them.
What Is the World Doing to Stop Them?
On May 15, 2025, Europol, the FBI, and other agencies coordinated a major operation to strike at Lumma’s core. They successfully shut down over 2,500 domains used as servers and control panels. The disruption was so significant that cybercriminals were seen complaining on dark web forums about their “service” going offline.
The problem? It wasn’t enough. Many key servers—especially those based in Russia—remained operational. On May 23, Lumma’s creator publicly stated that no one had been arrested and that everything was returning to normal. By May 29, a Telegram bot was already offering 406 stolen records from 41 countries. So yes, Lumma is still alive… and very active.
A Case Close to Home: Mexican IP 201.119.8.84
One of the most concrete cases involved a device located in Mexico with the IP address 201.119.8.84. From that device, data was stolen and later sold on the dark web. This doesn’t just affect the individual using that device—it can also impact any company they work for or are connected with. That’s how easily an attack can escalate.
How Can You Protect Yourself?
Not all hope is lost. There are several simple yet effective steps you can take to protect yourself from Lumma and similar malware:
- Be suspicious of the unexpected: If you receive a strange email with a file or link—don’t open it! Even if it looks legit.
- Double-check URLs: Sometimes attackers change a single letter or symbol to trick you. Always verify the website is official.
- Change your passwords and enable 2FA: Especially if you suspect any account may have been compromised. And if possible, use a secure password manager.
- Use a good antivirus and keep it updated: It’s not foolproof, but it can help detect suspicious activity.
- Monitor your accounts: Regularly check your activity on social media, banking, and crypto platforms. If you see anything strange, act fast.
- Train your team: Make sure all your employees know how to recognize phishing attempts or threats.
- Report incidents: Don’t keep it to yourself. Reporting helps authorities detect patterns and take action.
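The “double-check URLs” advice above can be automated. The following Python is an added example written for this article (not Lumma tooling or anything from the original post): it flags links whose domain is a letter or two away from a known service, or that hide a real brand name as a subdomain of some other host, as in the lookalike pages hosted on legitimate-looking cloud services described earlier. The allowlist and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlparse

# Allowlist of legitimate hosts (assumption: you maintain your own list; these are
# the public services the article names).
KNOWN_GOOD = {"facebook.com", "instagram.com", "tiktok.com", "okx.com",
              "linkedin.com", "google.com", "youtube.com", "battle.net"}
# Public suffixes made of two labels, so that "banco.com.mx" is kept whole.
TWO_LABEL_SUFFIXES = {"com.mx", "org.mx", "gob.mx", "co.uk"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance: number of single-character substitutions, insertions or deletions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Strip subdomains: 'login.facebook.com' -> 'facebook.com', 'x.banco.com.mx' -> 'banco.com.mx'."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def check_url(url: str) -> str:
    """Return 'ok', 'lookalike of <domain>', 'brand-in-subdomain of <domain>' or 'unknown'."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return "unknown"
    reg = registrable_domain(host)
    if reg in KNOWN_GOOD:
        return "ok"
    # A real brand used as a label of some other domain, e.g. instagram.com.verify.example
    # or okx-support.example: the registrable domain is the attacker's, not the brand's.
    for good in KNOWN_GOOD:
        brand = good.split(".")[0]
        if any(label == brand or label.startswith(brand + "-") for label in host.split(".")):
            return f"brand-in-subdomain of {good}"
    # One or two edits away from a known domain: 'faceb00k.com', 'facebok.com'.
    best = min(KNOWN_GOOD, key=lambda g: levenshtein(reg, g))
    if levenshtein(reg, best) <= 2:
        return f"lookalike of {best}"
    return "unknown"


def scan(urls):
    """Classify a batch of links (e.g. extracted from an email) into a {url: verdict} map."""
    return {u: check_url(u) for u in urls}
```

Anything other than "ok" should be treated as a link to verify by typing the official address yourself rather than clicking.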
In Summary
Lumma Infostealer is not just any virus—it’s a well-structured, profitable system that’s very difficult to stop. Its volume-based model, adaptability, and ability to fool even the most cautious users make it a real threat. And the worst part? Mexico is one of its primary targets.
Cases like the one involving the Mexican IP show that no one is safe—not everyday users, nor large companies. That’s why the best defense remains prevention, staying informed, and using common sense.