Pretend OnlyFans Checker Instrument Infects Hackers with Lummac Stealer Malware

Cybersecurity consultants uncover the Lummac Stealer malware, disguised as an OnlyFans “Checker” device, concentrating on hackers. The device additionally targets Disney+ and Instagram hackers.

Cybersecurity consultants at Veriti’s cyber analysis staff have found a Lummac Stealer, often known as LummaC2 Stealer operation that cleverly flips the script on would-be OnlyFans hackers, turning them from hunters into the hunted.

The operation facilities round a person, going by the title Bilalkhanicom on a notorious hacking forum, who offered a “Checker” device claiming that it could permit customers to supposedly “check” OnlyFans accounts for useful data. Nevertheless, this “checker” turned out to be malware, particularly a pressure often known as Lummac stealer.

In consequence, as a substitute of getting access to Solely Fan account data or illicit content material, those that downloaded the device had been contaminated with Lummac Stealer. To your data, the malware can steal passwords and monetary data to looking historical past and cryptocurrency wallets.

Bilalkhanicom posted the malicious installer on a hacker discussion board (Screenshot: Veriti)

In January 2024, Lumma was found to be spreading by way of cracked software program distributed by way of compromised YouTube channels. Earlier, in November 2023, researchers had recognized a brand new model of LummaC2, referred to as LummaC2 v4.0, which was stealing person information utilizing trigonometric methods to detect human customers.

In line with Veriti’s analysis shared with Hackread.com forward of publication on Wednesday, Bilalkhanicom can also be utilizing comparable ways to focus on these curious about hacking different platforms, together with Disney+, Instagram, and even botnet networks.

The malicious installers are uniquely named to align with the pursuits of hackers primarily based on the companies they goal to use. For instance, to focus on Disney+ customers, Bilalkhanicom gives a checker device referred to as “DisneyChecker.exe.”

Equally, for Instagram, the device is called “InstaCheck.exe,” and for botnet fans, it’s labelled “ccMirai.exe,” referencing the infamous Mirai malware botnet, notorious for orchestrating large-scale, crippling DDoS assaults worldwide.

As for Bilalkhanicom, their origin presently stays unknown nonetheless researchers have recognized folder names inside the malware’s structure that trace at influences from throughout the globe, from East Asia, Africa to Latin America, and even Celtic mythology.

“Our researchers uncovered a potential geopolitical link hidden in the malware’s architecture. The folder names used in the malware’s file structure paint a picture of global influences: “Hiyang” and “Reyung” whisper of East Asian connections “Zuka” echoes African influences “Lir” invokes Celtic mythology “Popisaya” hints at Indigenous Latin American roots.”

Veriti Analysis

NOT the primary time

This isn’t the primary time OnlyFans has been used as bait. In June 2023, a malicious marketing campaign concentrating on smartphone customers employed pretend OnlyFans content material to distribute DcRAT malware. The attackers lured victims by exploiting their curiosity in adult-oriented materials, particularly concentrating on those that engaged with specific OnlyFans content material.

  1. Pretend Scorching Repair for CrowdStrike Spreads Remcos RAT
  2. Evaluation of High Infostealers: Redline, Vidar, Formboo
  3. Pretend YouTube Android Apps Used to Distribute CapraRAT
  4. Hackers leak as much as 4 TB of OnlyFans content material for obtain
  5. Pretend Zoom and Google Meet Websites Infect Units with RATs

Recent articles

Hackers Use Microsoft MSC Information to Deploy Obfuscated Backdoor in Pakistan Assaults

Dec 17, 2024Ravie LakshmananCyber Assault / Malware A brand new...

INTERPOL Pushes for

Dec 18, 2024Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...