win.remus

Remus


According to Gen, this is most likely the 64-bit evolution of Lumma Stealer. It is capable of stealing stored browser passwords, cookies, cryptocurrency, and much more. It also uses EtherHiding to resolve C2s, replacing the traditional use of Steam and Telegram dead drop resolvers, and has additional anti-analysis checks.

References
2026-04-07 | Gen Digital | Jan Rubín, Vojtěch Krejsa
Remus: Unmasking The 64-bit Variant of the Infamous Lumma Stealer
Lumma Stealer Remus Tenzor

There is no Yara-Signature yet.