Lumma Stealer - Targets

Geographic distribution based on 0 samples with origin data.

Last updated: 2026-04-18

Geographic targeting data reveals where Lumma Stealer operators focus their campaigns. Country data is derived from MalwareBazaar sample metadata and indicates the origin or primary target region of each sample.

Understanding Geographic Targeting

A concentration in specific countries may reflect language-targeted phishing campaigns, region-specific software cracks used for distribution, or deliberate threat actor preferences. Some Lumma Stealer campaigns specifically avoid certain countries (CIS nations, for example) based on operator origin. A sudden shift in targeting may indicate a new campaign or a different threat actor group adopting the malware.

Defensive Recommendations

Organizations in heavily targeted countries should elevate their monitoring for Lumma Stealer indicators and ensure endpoint protection signatures are current. If your country appears in the top targets, prioritize reviewing the Lumma Stealer IOCs and detection rates to assess your exposure. Consider geo-blocking or increased scrutiny for traffic from countries hosting Lumma Stealer distribution infrastructure.

No geographic data yet. Country data will appear after the first daily update.

Related

← Lumma Stealer Overview Samples Distribution Detection Rate All Families