All Episodes

Patrick Sharp: Aura Information Manager on the Lumma Stealer malware impacting thousands of Kiwis

December 9, 2025 3 mins

Tens of thousands of New Zealanders have been sent an unprecedented email from our National Cyber Security Centre.

It's emailed 26,000 addresses warning malicious software, called Lumma Stealer, could have infected their devices.

It's designed to steal sensitive information - and some stolen passwords are connected to Government agency systems and bank accounts.

Aura Information Manager, Patrick Sharp, says international partners revealed the threat to our cyber security centre.

He explained that presumably means an agency's uncovered a trove of stolen data and alerted the NCSC about the email addresses of concern.

LISTEN ABOVE

See omnystudio.com/listener for privacy information.

Mark as Played
Transcript

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
New Zealand Cyber Agency is warning twenty six thousand kiwis
that their computers have been infected with malicious software. The
National Cybersecurity Center or NCSC, which sent out the emails
today warning users about a possible infection. They say the
software has stolen sensitive information connected to bank accounts and
government systems. So what is it? Who got it? How

(00:22):
do we know? Patrick Sharp, general manager of AURA Information Security,
joins me. Now, Patrick, good afternoon.

Speaker 2 (00:28):
Good afternoon, So how did this?

Speaker 1 (00:30):
Can we go back to the beginning. Do we know
how this malware might have got into our systems, what
sort of email it or how it got in?

Speaker 2 (00:41):
So this sort of malware can actually be delivered through
a range of different mechanisms. There is some mechanisms such
as people going on Facebook and getting links to download
aim this generation software, just malicious websites. There's one instance
of the game having this in it, so it could
be a variety of different means.

Speaker 1 (01:02):
So not necessarily because I always think if I don't
click on any emails, then I'm not going to get
in any trouble. But actually you could just go to
a website and click on something and pick it up
potentially yes, yeah, okay, what's the software called the malicious software?
And what does it do?

Speaker 2 (01:17):
So it's called Luma Steeler and it's what's called a
Steeler malware. So basically what it does is steel information.
Pretty obvious. I guess that might include things I use, passwords,
created a card, information, anything saved in your browser, even
files from your computer.

Speaker 1 (01:34):
Is it on my phone or my hard computer laptop?

Speaker 2 (01:38):
This one seems to be affecting Windows based systems, so
it'll be your computer, okay.

Speaker 1 (01:44):
And how does the government know whether my computer, my
Microsoft computer has been infected?

Speaker 2 (01:54):
So nccly noted that they've been alerted to this by
their partners. That presumably means that another organization overseas has
actually found a trove of data which has been stolen
and then has said to NCC, there's a group of
email addresses here, and be concerned with how do I know.

Speaker 1 (02:12):
If I've I mean, aside from the government email I
means saying, oops, you've got this. How do is there
any sign that you would have this on your computer?

Speaker 2 (02:20):
No, these are this kind of software is designed to
run quietly in the background, so you wouldn't know the
only unless you're running antivirus software which has then detected
it and hopefully cleaned up after that.

Speaker 1 (02:35):
Would antivirus software have detected.

Speaker 2 (02:36):
This I presumably. However, these the sort of malware has
often changed, and so antivirus software has to continuously change
in order to update and make sure it can detect
new versions of it. So presumably for a period of
time it wasn't detected.

Speaker 1 (02:57):
Patrick, Today we're talking about twenty three thousand email is
twenty three thousand people. In ten years time we'll be
talking about everyone. I mean, should we be putting any
of our information, our private information anywhere on our computers
or the internet generally?

Speaker 2 (03:13):
Reality, this is a huge problem, these sorts of the
sort of malware and lots of data in general. But
we can't simply not put our data online. So we
have to become very aware of how we're actually managing
our data, where we're putting it, where it's been saved,
and who has access to it.

Speaker 1 (03:32):
Patrick, appreciate your time this afternoon. Thank you very much,
Patrick Sharp, general manager at AURA Information Security. For more
from Heather Duplicy Allen Drive, listen live to news talks
it'd be from four pm weekdays, or follow the podcast
on iHeartRadio,
Advertise With Us

Popular Podcasts

Las Culturistas with Matt Rogers and Bowen Yang

Las Culturistas with Matt Rogers and Bowen Yang

Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.

The Joe Rogan Experience

The Joe Rogan Experience

The official podcast of comedian Joe Rogan.

Stuff You Should Know

Stuff You Should Know

If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

Explore

iHeart

Live Radio

Podcasts

Artist Radio

Exclusives

News

Features

Events

Contests

Photos

Information

About

Advertise

Blog

Brand Guidelines

Contest Guidelines

Subscription Offers

Jobs

Get the App

Automotive

Home

Mobile

Wearables

© 2025 iHeartMedia, Inc.