Lumma Stealer Panel: Hidden Camera Capture Script Exposed

Listen to this Post

Featured Image
An investigation into the seized Lumma Stealer panel (tsoi-zhiv(.)com) revealed a hidden script injected into the DOM, designed to secretly capture photos of visitors via their front-facing camera.

Key Findings:

  • Stealthy Injection: The script was embedded in the HTML to avoid detection.
  • Front Camera Preference: Prioritized the front camera, likely for facial captures.
  • Fallback Mechanism: If camera access was blocked, the form would still submit.
  • Visual Feedback: A spinner displayed during capture to avoid suspicion.

🔗 References:

You Should Know:

How to Detect & Mitigate Camera Hijacking

1. Browser Inspection:

  • Open DevTools (F12), go to `Elements` tab, and search for:
    navigator.mediaDevices.getUserMedia 
    
  • Check for unauthorized scripts in `