Hackers are distributing nearly 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware.
On the fake pages, the threat actor is abusing the Reddit brand by displaying a fake discussion thread on a specific topic. The thread creator asks for help to download a specific tool, another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks him to make everything appear legitimate.
Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimics the interface of the popular file-sharing service. The ‘Download’ button leads to the Lumma Stealer payload hosted on “weighcobbweo[.]top.”
All sites used in this campaign contain a string of the brand they impersonate followed by random numbers and characters to appear legitimate at a quick glance. The top-level domains are either “.org” or “.net.”
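The naming pattern described above (impersonated brand, then a random alphanumeric tail, on a .org or .net domain) is simple enough to turn into a detection heuristic for proxy or DNS logs. The following is an added example, not code from the article or from Sekoia; the brand list, the TLD list and every sample hostname are constructed for illustration and are not indicators from the campaign.

```python
"""
Heuristic detector for brand-impersonating lookalike domains.

Added example, not part of the original article. It flags hostnames whose
registrable label starts with an impersonated brand name and continues with
a run of extra alphanumeric characters, on the TLDs the campaign used.
All sample hostnames below are constructed and are not real indicators.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: brands and TLDs taken from the article's description.
IMPERSONATED_BRANDS = ("reddit", "wetransfer")
CAMPAIGN_TLDS = ("org", "net")

# Constructed sample hostnames (not real indicators from the campaign).
SAMPLE_HOSTS = [
    "reddit7h3kq9.org",          # brand + random tail on .org -> suspicious
    "wetransfer82ab.net",        # brand + random tail on .net -> suspicious
    "www.reddit.com",            # genuine brand label -> benign
    "wetransfer.com",            # genuine brand label -> benign
    "reddit-help.example.com",   # brand only in a subdomain -> not matched here
    "redditx.org",               # one-character tail, below the threshold
]


@dataclass
class Verdict:
    host: str
    brand: Optional[str]
    suspicious: bool
    reason: str


def registrable_parts(host: str) -> Optional[Tuple[str, str]]:
    """Return (second-level label, tld) for a hostname, or None if malformed."""
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return labels[-2], labels[-1]


def classify(host: str) -> Verdict:
    """Apply the brand-prefix + random-tail heuristic to one hostname."""
    parts = registrable_parts(host)
    if parts is None:
        return Verdict(host, None, False, "not a dotted hostname")
    sld, tld = parts
    for brand in IMPERSONATED_BRANDS:
        if sld == brand:
            return Verdict(host, brand, False, "exact brand label")
        if sld.startswith(brand):
            tail = sld[len(brand):]
            # Campaign pattern: brand string, then random numbers/characters,
            # on a .org or .net domain. Require at least two tail characters
            # so that a single typo-like character is not enough on its own.
            if tld in CAMPAIGN_TLDS and re.fullmatch(r"[a-z0-9]{2,}", tail):
                return Verdict(
                    host, brand, True,
                    f"brand '{brand}' + random tail '{tail}' on .{tld}",
                )
            return Verdict(host, brand, False, "brand prefix outside campaign pattern")
    return Verdict(host, None, False, "no impersonated brand")


def scan(hosts: List[str]) -> List[Verdict]:
    """Classify a batch of hostnames, e.g. distinct hosts from DNS or proxy logs."""
    return [classify(h) for h in hosts]


if __name__ == "__main__":
    for verdict in scan(SAMPLE_HOSTS):
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{flag:10} {verdict.host:28} {verdict.reason}")
```

The heuristic is deliberately narrow: it only inspects the registrable label, so a brand name placed in a subdomain of an unrelated domain is not flagged, and it should be combined with allow-listing of the genuine brand domains before being used to alert or block.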
These fake websites were discovered by Sekoia researcher crep1x, who shared a complete list of web pages participating in the scheme. In total, there are 529 pages impersonating Reddit and 407 posing as the official WeTransfer service serving a download.
The researcher told BleepingComputer that he was unable to retrieve any clues about the earlier stages of the infection chain, but the specific topics used indicate some form of elaboration.
The attack might begin with malvertising, SEO poisoning, malicious websites, direct messages on social media, and other means.
A year ago, the same researcher discovered a similar campaign where 1,300 sites abused the AnyDesk brand to push the Vidar Stealer malware.
Threat of info-stealer malware
Lumma Stealer is a potent tool with advanced evasion and data theft mechanisms. The malware is sold to hackers who distribute it through various methods, including GitHub comments, deepfake nude generator sites, and malvertising.
Information-stealing malware can collect, among other things, passwords saved in web browsers and session tokens that can be used to hijack accounts without knowing the credentials.
This type of threat is commonly used to exfiltrate sensitive login data from companies, and the details are often sold on hacker forums.
Most recently, infostealers enabled high-impact attacks on PowerSchool, HotTopic, CircleCI, and Snowflake.