Lumma Stealer + Sectop RAT (ArechClient2): Two-Stage Attack Chain via Fake Cracked Software

Executive Summary On April 17, 2026, SANS Internet Storm Center documented a Lumma Stealer campaign followed by Sectop RAT (ArechClient2) targeting users searching for pirated software. Attackers used