Cyber Security News reports that a growing malware campaign is exploiting fake CAPTCHA pages to spread Lumma Stealer, a powerful information-theft tool marketed through malware-as-a-service platforms.According to Kaspersky, attackers mimic familiar CAPTCHA systems like Google reCAPTCHA to trick users into copying a malicious PowerShell command from their clipboard. These deceptive pages are often linked from pirated media sites and fraudulent cryptocurrency Telegram groups. Once executed, the command initiates a multi-stage infection chain using advanced evasion techniques, such as DLL sideloading and mshta-based JavaScript execution. Lumma Stealer, which targets credentials, 2FA data, cryptocurrency wallets, and financial information, also checks for antivirus software before deploying its payload. It communicates with remote command-and-control servers using encrypted POST requests. With over 1,000 active subscribers and entry costs starting at $250, the threat is escalating rapidly. Security experts stress the importance of user education and endpoint defenses, warning that corporate systems remain vulnerable to infections that may precede larger-scale attacks like ransomware.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



