Hello and welcome to the Thursday, January 15th, 2026 edition of the Sands Internet Storms

StormCast. My name is Johannes Ulrich, recording today from Jacksonville, Florida. And this episode is

brought to you by the Sands., credit certificate program in incident response.

In Diaries today, we got a malware write-up by Brad.

Brad is writing about a recent version of Luma Steeler.

Luma Steeler, as the name implies, is an info stealer.

Now, in this particular case, it will infiltfiltrate your data, and then it will download

an additional URL from Pastebin with instructions on what to do next. At this point, the odd new

behavior here of this variety of Luma Steeler is that it adds a scheduled task to keep repeatedly doing this.

But then whenever it downloads the next binary or whatever it's going to load on your system,

well, it adds another scheduled task. So these scheduled tasks keep piling up. Apparently,

they're scheduled every 30 minutes,

and Brad observed systems running up to 30 or so of these scheduled tasks,

meaning every minute at that point,

a new variety of malware is being downloaded and executed,

which of course should make the infection more noisy. But note that all of this

happens after the bulk of the data exfiltration already happened. So at this point, I think

the attacker is less worried about being discovered and probably is more attempting to scrape

any kind of additional information from the system that was

initially missed. It's also possible that they're then sort of handing on the system to some

other group that installs whatever Malver. They prefer ransomware or whatever.

And then we have yet another interesting, gentic AI vulnerability.

...