Malware, Phishing

Lumma Stealer deployed via fraudulent CAPTCHA pages

Share
System hacked warning alert on laptop computer. Cyber attack on computer network, virus, spyware, malware or malicious software. Cyber security and cybercrime concept. System security technology (3)

Windows users have been mainly targeted in a new phishing campaign that leverages phony CAPTCHA verification pages to facilitate Lumma Stealer malware deployment, Hackread reports.

Attacks involved the utilization of Amazon S3 bucket and Content Delivery Network-hosted sites spoofing Google CAPTCHA pages and other verification sites, which include instructions that trigger a malicious PowerShell command downloading Lumma Stealer and proceeding with the exfiltration of sensitive device data, including financial details and login credentials, according to a CloudSEK report. Such a development comes just weeks after the information-stealing malware was reported to have been concealed as an OnlyFans hacking tool, which ended up compromising threat actors' information. Threat actors also leveraged hacked YouTube channels to distribute Lumma in the guise of pirated software after an updated version of the infostealer was reported to have gained human user detection capabilities with trigonometric techniques.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.