Faux CAPTCHA Verification Pages Spreading Lumma Stealer Malware

A brand new phishing marketing campaign makes use of pretend CAPTCHA verification pages to trick Home windows customers into working malicious PowerShell instructions, putting in the Lumma Stealer malware and stealing delicate data. Keep knowledgeable and guarded.

Cybersecurity researchers at CloudSec have found a brand new phishing marketing campaign that’s tricking customers into working malicious instructions by pretend human verification pages. The marketing campaign, which primarily targets Home windows customers, goals to put in the Lumma Stealer malware, resulting in the theft of delicate data.

How the Assault Works

Risk actors are creating phishing websites hosted on numerous platforms, together with Amazon S3 buckets and Content material Supply Networks (CDNs). These websites mimic official verification pages, resembling pretend Google CAPTCHA pages. When customers click on the “Verify” button, they’re introduced with uncommon directions:

1. Open the Run dialog (Win+R)
2. Press Ctrl+V
3. Hit Enter

Unknown to the person, these actions execute a hidden JavaScript perform that copies a base64-encoded PowerShell command to the clipboard. When the person pastes and runs the command, it downloads the Lumma Stealer malware from a distant server.

CloudSec’s report shared with Hackread.com forward of publishing on Thursday, revealed that the downloaded malware usually downloads extra malicious parts, making detection and elimination tougher. Whereas presently used to unfold Lumma Stealer, this system might be simply tailored to ship different varieties of malware.

To your data, the Lumma Stealer is designed to steal delicate knowledge from the contaminated machine. Whereas the precise knowledge focused can range, it usually contains login credentials, monetary data, and private recordsdata. This newest marketing campaign got here simply days after the malware was caught disguising itself as an OnlyFans hacker software, infecting the units of different hackers.

In January 2024, Lumma was found to be spreading by cracked software program distributed through compromised YouTube channels. Earlier, in November 2023, researchers had recognized a brand new model of LummaC2, known as LummaC2 v4.0, which was stealing person knowledge utilizing trigonometric strategies to detect human customers.

I hereby verify. https://t.co/1q4cARQLDM pic.twitter.com/GEBzqJeaSs

— Waqas (@WAK4S) December 31, 2023

What Now?

Now that the brand new Lumma stealer an infection spree has been reported, companies and unsuspecting customers want to remain alert and keep away from falling for the most recent pretend verification rip-off. Listed below are some commonsense guidelines and easy but important ideas for defense in opposition to Lumma and different comparable stealers:

• Educate your self and others: Share this data with mates, household, and colleagues to lift consciousness about this new menace.
• Be cautious of surprising verification requests: Official web sites not often ask customers to execute instructions by the “Run” dialogue field. Be suspicious of any web site that makes such requests.
• Don’t copy and paste unknown instructions: Keep away from copying and pasting something from untrusted sources, particularly instructions meant to be run in a terminal or command immediate.
• Hold your software program up to date: Guarantee your working system and antivirus software program are up-to-date to patch identified vulnerabilities.
• Most Vital: Observe Hackread.com for the most recent cybersecurity information.

RELATED TOPICS

1. Faux Antivirus Websites Unfold Malware
2. Evaluation of Prime Infostealers: Redline, Vidar, Formbook
3. Hackers utilizing CAPTCHA to evade phishing, malware detection
4. Unicode QR Code Phishing Rip-off Bypasses Conventional Safety
5. Android banking malware distributed with pretend Google reCAPTCHA