{
	"id": "fbdeba8f-497d-4058-8c84-e4542a94f487",
	"created_at": "2026-04-06T00:10:23.61584Z",
	"updated_at": "2026-04-10T03:20:37.895603Z",
	"deleted_at": null,
	"sha1_hash": "299db0a1b5651190e6ab16c84acb74aa4e1505a1",
	"title": "Approaching stealers devs : a brief interview with LummaC2",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1062464,
	"plain_text": "Approaching stealers devs : a brief interview with LummaC2\r\nBy g0njxa\r\nPublished: 2023-11-30 · Archived: 2026-04-05 21:55:21 UTC\r\nNov 16, 2023\r\nTo completely understand what’s going on in a market that has been growing in the last years I found it mandatory\r\nto know which players are dominating it. Always remember that behind every user of the Internet there is another\r\nhuman like you, so if you can be kind enough to reach them and they agree, you can have a little talk. Asking\r\nthings is not a crime.\r\nhttps://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11\r\nPage 1 of 9\n\nPlease note that everything stated on this blog has only an informational purpose. I will never promote the use\r\nof these products.\r\nLet’s see, LummaC2: @lummanowork\r\nThe Lumma guy seemed to know me before I even started to talk to him. I’m actively tracking Lumma C2s and\r\nreporting them to Abuse ThreatFox. So yes, the stealer guys also seem to be looking at us :)\r\nHe shows himself as a kind and open person, and I have nothing to reproach. He was, indeed, very kind to me.\r\nThe interview was made in Russian. Since I was using a translator, questions will be shown in original English,\r\nand answers will be given both in original Russian (in case the translation is misleading) and translations to English.\r\nHow would you describe Lumma?\r\nЯ думаю сейчас это один из самых технологичных стиллеров(stealer) на рынке, технологии\r\nсначала появляются у нас, а потом они появляются у конкурентов. Мы всегда работаем над\r\nсовершенствованием продукта, несмотря на то, что у нас уже много клиентов. Многие\r\nостанавливаются на достигнутом, мы — не останавливаемся.\r\nTranslation: I think it is currently one of the most technologically advanced stealers on the market; technologies\r\nappear with us first, and then they appear with our competitors. We are always working on improving the product,\r\neven though we already have many customers. Many stop at what they have achieved; we do not stop.\r\nIf you need a further description on Lumma by its owners you can always check: LummaC2 — universal stealer, a\r\nmalware for professionals. 
— Telegraph\r\nWhat does the name “Lumma” mean?\r\nЛоготип у меня был в голове давно. Птица — символ мира, легкости и спокойствия. По этому\r\nнужно было придумать такое же легкое и спокойное название. Зарабатывать с нами так же\r\nлегко.\r\nTranslation: I had the logo in my head for a long time. A bird is a symbol of peace, lightness and calm. So a name\r\njust as light and calm had to be found. Earning with us is just as easy.\r\nWhat makes Lumma different from other products?\r\nТехнологичность, поддержка. Обратите внимание как быстро я вам отвечаю\r\nTranslation: Technology and support. Notice how quickly I reply to you\r\nHow many people do you think have tested this product? Approximately\r\nУ нас около 400 активных клиентов. Это очень много\r\nTranslation: We have about 400 active customers. That is a lot\r\nFrom what I’m learning, having such a large number of customers can be considered big. Most of the projects\r\ndon’t want too much attention, some others want to grow as big as they can!\r\nSince when has LUMMA been working?\r\n21.12.22\r\nСкоро нам год :)\r\nTranslation: 21.12.22. We will be one year old soon :)\r\nPlease find at the bottom of this interview some news about this upcoming event\r\nIn June 2023, a very big update came out. Since then, the use of LUMMA has been on the rise.\r\nСамое большое обновление из 25 пунктов вышло на прошлой неделе\r\nTranslation: The biggest update, with 25 items, came out last week\r\nI say this because I believe that since that day, people have been using LUMMA more often. Do\r\nyou agree?\r\nИспользование Lumma растет постепенно, например за прошлую неделю нашими клиентами\r\nстали больше 20 человек\r\nTranslation: Lumma usage is growing gradually; for example, over the past week more than 20 people became our\r\ncustomers\r\nWhen asking about the “June ’23 Update” I was trying to refer to the moment that I got very interested in Lumma:\r\nwhen I noticed the first domain being used by this stealer as a C2. I don’t know if I was late or fast, just that since\r\nthat moment Lumma was using custom domains. 
More updates were done, and the notoriety of Lumma increased\r\nexponentially.\r\nFirst?\r\nThe “past week update” was shared on Twitter:\r\nhttps://x.com/g0njxa/status/1722664597478384095\r\nAnd you can check it here: Update 8.11 — Telegraph\r\nIt is allegedly called “the biggest update since the opening of the project”\r\nWho came up with the idea of placing poems in the Lumma infrastructure? Will we see more\r\npoems?\r\nДа как-то единогласно. Про стихи пока ничего не скажу. Мы любим русских поэтов и русскую\r\nлитературу 😁\r\nTranslation: It was somehow unanimous. I will not say anything about the poems for now. We love Russian poets and\r\nRussian literature 😁\r\nOne fancy thing about the Lumma C2s were the poems added to their domains. We had “Sergey Yesenin — You\r\ndon’t love me, you don’t regret me” and “CHARLES BAUDELAIRE, “FLOWERS OF EVIL”, VERSE 29”.\r\nThey got deleted; in fact, having these texts on C2s helped to track them more easily. It wasn’t that bad to have a\r\nnon-boring C2, hope one day we will see more things on their domains. (So we can look for them :p)\r\nLUMMA is used by both individuals and teams as a feature. People love LUMMA. Do you think\r\nLUMMA can be used more often than REDLINE, META, RACCOON or others?\r\nДумаю, да. К нам приходят много клиентов из перечисленных продуктов\r\nTranslation: I think so. Many customers come to us from the products you listed\r\nPlease note that people will buy a license of a stealer for themselves, and sometimes to work in small groups of 2–\r\n4 people. Also note that when talking about a team, everyone has access, so dozens of users are retrieving builds\r\nfrom the same panel. It is a fact that the use of Lumma has been increasing a lot: some people participating\r\nactively in the market and with years of experience in this field have switched completely to Lumma. 
This project\r\nhas made its way into the Big Five!\r\nSpeaking about the market, how do you see it? Is this a good time to work? Or is there a shortage of\r\nproducts? A lot of people I’ve talked to complain about this\r\nНа рынке есть спрос, и думаю предложение спросу соответствует. Работникам посоветуйте\r\nнаш продукт\r\nTranslation: There is demand on the market, and I think supply matches demand. Recommend our product to the\r\nworkers\r\nand in the future?\r\nВ ближайшие 2–3 года мы будем тут\r\nTranslation: We will be here for the next 2–3 years\r\nTo explain this I will say that I have talked with other people working with stealers, and somehow there is a\r\ncommon feeling: the shortage of valid providers of accounts used in malware spreading, and the difficulty to\r\ninnovate in the ways they share malware. The lack of products also has a common cause: the Ukraine war. I hope one\r\nday I can dive further into the point of view of these users.\r\nThere is a demand on the market, he is right.\r\nPeople have been working for months, even years, and we will surely see more people in the following years.\r\nLUMMA does not allow you to work with Russians. LUMMA protects Russians. What is your\r\nopinion of people working with Russians? with other products\r\nУ нас есть традиция и правило «не срать там где живешь». За разблокировку работы по\r\nрусским мне предлагали 25 тысяч долларов. Мы всегда отказываем таким клиентам\r\nTranslation: We have a tradition and a rule: «don’t shit where you live». I was offered 25 thousand dollars to\r\nunlock working against Russians. We always refuse such customers\r\nThe “anti-CIS” policies are present in most of the malware projects, that shouldn’t be anything new. “Protect the\r\nmotherland and the motherland will protect you”.\r\nIf only someone could modify LUMMA to work with the Russians (as happened with\r\nWHITESNAKE). What are you going to do?\r\nНикто не сможет этого сделать. 
У нас другая архитектура\r\nTranslation: No one will be able to do that. We have a different architecture\r\nFYI WhiteSnake Stealer project got banned from some Russian forums after “some customer modified the build\r\nand removed Anti-CIS module”. As stated before, that’s a red flag and developers must take care of it.\r\nWhat would you say to those “information security experts” who are trying to track LUMMA?\r\nПередаю им привет. Я не против что нас отслеживают. Напротив — это дает популярность\r\nLumma.\r\nTranslation: I send them my greetings. I do not mind that we are being tracked. On the contrary, it gives Lumma\r\npopularity.\r\nпривет! (Hello!)\r\nI think that’s all))) is there something to say?\r\nDo you have anything ready for the anniversary?\r\nДа, будет конкурс, будет большая статья с тем, что изменилось у нас за год\r\nTranslation: Yes, there will be a contest, and there will be a big article about what has changed for us over the\r\nyear\r\nThat’s an exclusive: Lumma’s 1st anniversary will be on December 21st, 2023. He was offering discounts at monthly\r\nanniversaries, but I believe this will be a different moment. As said, Lumma is working on a contest and an article\r\nregarding Russia. Expect high activity on those days! Waiting for further news!\r\nThe end?\r\nRemember to check the other interviews at: g0njxa — Medium\r\nExpect more content,\r\nBest regards.\r\n@g0njxa\r\nSource: https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11"
	],
	"report_names": [
		"approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11"
	],
	"threat_actors": [],
	"ts_created_at": 1775434223,
	"ts_updated_at": 1775791237,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/299db0a1b5651190e6ab16c84acb74aa4e1505a1.pdf",
		"text": "https://archive.orkl.eu/299db0a1b5651190e6ab16c84acb74aa4e1505a1.txt",
		"img": "https://archive.orkl.eu/299db0a1b5651190e6ab16c84acb74aa4e1505a1.jpg"
	}
}