New Phishing Campaign Targets Windows Users with Lumma Stealer

09/20/24

Cybersecurity researchers at CloudSec have uncovered a new phishing campaign aimed at deceiving Windows users into executing harmful commands via fraudulent CAPTCHA verification pages. This malicious operation seeks to install the Lumma Stealer malware, which can compromise sensitive information.

How the Attack Works

Cybercriminals are setting up phishing websites across various platforms such as Amazon S3 and Content Delivery Networks (CDNs). These sites replicate genuine verification pages, including fake Google CAPTCHA forms. When users click the “Verify” button, they receive unusual instructions:

  1. Open the Run dialog (Win + R)
  2. Press Ctrl + V
  3. Hit Enter

Unbeknownst to the user, clicking the button has already run a hidden JavaScript function that copies a base64-encoded PowerShell command to the clipboard; the three steps simply paste that command into the Run dialog and execute it. Once executed, the command retrieves the Lumma Stealer malware from a remote server.
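From the defender's side, the chain described above leaves a distinctive trace on the endpoint: a PowerShell process whose parent is explorer.exe (the Run dialog is hosted by the shell), carrying an -EncodedCommand argument, usually with a hidden window. The Python below is an added example, not code from the article or from the researchers' report; it shows how an analyst might triage Sysmon-style process-creation events for that pattern. The event records are constructed here, the field names follow Sysmon's Image/ParentImage/CommandLine, and the encoded command is generated from a harmless placeholder string so the block runs offline.

```python
import base64
import re
from typing import Optional

# Constructed sample: the encoded argument is built from a harmless string
# pointing at a reserved .invalid domain, so nothing real is embedded.
SAMPLE_CMD = "Invoke-WebRequest http://example.invalid/file.txt"
SAMPLE_ENC = base64.b64encode(SAMPLE_CMD.encode("utf-16le")).decode("ascii")

# Constructed process-creation events in a Sysmon Event ID 1 shape.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f"powershell.exe -w hidden -enc {SAMPLE_ENC}"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell.exe -File build.ps1"},
]

# PowerShell accepts abbreviated parameter names; the common spellings of
# -EncodedCommand are listed here. A production rule should cover every
# unambiguous prefix.
ENC_FLAG = re.compile(r"\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_WINDOW = re.compile(r"\s-w(?:indowstyle)?\s+hidden\b", re.I)

# Cmdlets and aliases that fetch or evaluate remote content; their presence
# in the decoded command is a second, independent indicator.
DOWNLOAD_HINTS = ("invoke-webrequest", "iwr", "downloadstring", "downloadfile",
                  "invoke-expression", "iex", "start-bitstransfer")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext of an -EncodedCommand argument, or None.

    -EncodedCommand carries base64 over UTF-16LE, so both steps are reversed.
    Anything that does not decode cleanly is treated as not encoded.
    """
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def triage_event(ev: dict) -> Optional[dict]:
    """Score one process-creation event; return a finding when two or more
    indicators coincide, otherwise None."""
    image = ev["Image"].lower()
    parent = ev["ParentImage"].lower()
    if not image.endswith(("powershell.exe", "pwsh.exe")):
        return None
    reasons = []
    # The Run dialog lives in the shell, so a paste-and-run lands under
    # explorer.exe. HKCU\...\Explorer\RunMRU keeps the Run history and can
    # corroborate this during an investigation.
    if parent.endswith("explorer.exe"):
        reasons.append("launched from explorer.exe (Run dialog / shell)")
    if HIDDEN_WINDOW.search(ev["CommandLine"]):
        reasons.append("hidden window requested")
    decoded = decode_encoded_command(ev["CommandLine"])
    if decoded is not None:
        reasons.append("-EncodedCommand argument present")
        if any(h in decoded.lower() for h in DOWNLOAD_HINTS):
            reasons.append("decoded command contains a download/execution cmdlet")
    if len(reasons) < 2:
        return None
    return {"image": ev["Image"], "parent": ev["ParentImage"],
            "decoded": decoded, "reasons": reasons}


def scan(events: list) -> list:
    """Run triage over a batch of events and keep only the findings."""
    findings = []
    for ev in events:
        hit = triage_event(ev)
        if hit is not None:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["image"], "<-", hit["parent"])
        for r in hit["reasons"]:
            print("  -", r)
        print("  decoded:", hit["decoded"])
```

Decoding the argument is what turns a noisy "PowerShell under explorer" rule into something an analyst can act on: the plaintext shows whether the command only sets a variable or reaches out to the network, and the decoded text can be fed straight into a ticket. Legitimate software rarely combines a hidden window, an encoded command and a shell parent, which is why the block requires two indicators before it reports.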

According to CloudSec’s report, which was shared with Hackread.com, the downloaded malware often installs additional malicious components, complicating detection and removal efforts. While the current campaign focuses on Lumma Stealer, the same clipboard-and-Run-dialog technique can easily be adapted to deliver other malware variants.

Lumma Stealer Overview

The Lumma Stealer is engineered to extract sensitive data from infected devices. The specific data targeted can vary but frequently includes login credentials, financial details, and personal files. This recent campaign emerged shortly after the malware was reported to be disguising itself as an OnlyFans hacker tool, which infected the devices of several hackers.

Earlier in 2024, Lumma was found to spread through cracked software shared via compromised YouTube channels. Additionally, in November 2023, researchers identified a new version of LummaC2, known as LummaC2 v4.0, that uses trigonometric methods to detect human users before carrying out its data-stealing operations.

With the new Lumma stealer threat emerging, it is crucial for both businesses and users to remain vigilant against deceptive verification scams. Here are some practical tips for protection against Lumma and similar malware:

  1. Educate Yourself and Others: Share information about this threat with friends, family, and colleagues to raise awareness.
  2. Be Cautious of Unusual Requests: Legitimate sites rarely ask users to run commands via the “Run” dialog. Be skeptical of such requests.
  3. Avoid Unknown Commands: Do not copy or paste commands from untrusted sources, particularly those intended for a terminal or command prompt.
  4. Keep Software Updated: Regularly update your operating system and antivirus software to protect against known vulnerabilities.
  5. Stay Informed: Follow reliable cybersecurity news sources like Hackread.com for the latest updates.

Stay informed and take necessary precautions to protect your sensitive information against these emerging threats.
