Cyberattack distributes fake Reddit sites to launch Lumma Stealer

January 27, 2025

A newly discovered cybercriminal operation disseminates thousands of web pages and some fake Reddit sites to distribute the Lumma Stealer malware.

Researchers observed that the fake pages exploit the Reddit brand by displaying a phoney discussion thread on a specific topic. The campaign also uses a fake WeTransfer site to deploy the same malware.

According to reports, victims who click on the link are redirected to a fake WeTransfer website that mimics the popular file-sharing service's UI. However, the 'Download' button takes unsuspecting users to the Lumma Stealer payload hosted on a domain named "weighcobbweo[.]top".

To appear genuine, all sites used in this campaign use the name of the brand they imitate followed by random numbers and characters.
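As an added defensive illustration (not code from the original article or its researchers), the following Python snippet triages hostnames from DNS or proxy logs against the two patterns the article describes: the brand-name-plus-random-characters lure domains, and the separately named payload host. The sample hostnames are constructed, except the payload domain quoted above; the brand list, suffix length and single-label TLD handling are assumptions.

```python
import re

# Brands the campaign described above impersonates (assumption: only these two).
BRANDS = ("reddit", "wetransfer")

# Payload host named in the article; a real blocklist would be fed by threat intel.
KNOWN_PAYLOAD_HOSTS = {"weighcobbweo.top"}

# Legitimate domains for the brands, so the real sites are never flagged.
LEGIT_DOMAINS = {"reddit.com", "wetransfer.com"}


def refang(host: str) -> str:
    """Convert de-fanged IoC notation such as 'example[.]top' back to a hostname."""
    return host.strip().lower().replace("[.]", ".")


def brand_lure(host: str, brands=BRANDS, min_suffix: int = 4):
    """Return the impersonated brand if the registrable label is '<brand><random>', else None.

    'random' is approximated as a tail of at least min_suffix characters mixing letters
    and digits. Assumption: a single-label public suffix ('.top', '.com'); production
    code should consult a public-suffix list instead of taking the last two labels.
    """
    labels = refang(host).split(".")
    if len(labels) < 2:
        return None
    registrable = labels[-2]
    for brand in brands:
        if registrable.startswith(brand):
            tail = registrable[len(brand):]
            if len(tail) >= min_suffix and re.search(r"\d", tail) and re.search(r"[a-z]", tail):
                return brand
    return None


def classify(host: str) -> str:
    """Triage verdict for one hostname: 'ok', 'block:...' or 'review:...'."""
    h = refang(host)
    if ".".join(h.split(".")[-2:]) in LEGIT_DOMAINS:
        return "ok"
    if h in KNOWN_PAYLOAD_HOSTS:
        return "block:known-payload-host"
    brand = brand_lure(h)
    return f"review:brand-lure:{brand}" if brand else "ok"


if __name__ == "__main__":
    # Constructed samples; only the last one is the payload host quoted in the article.
    for sample in ["www.reddit.com", "reddit7x2k9q[.]top", "wetransfer4a8b2c.top", "weighcobbweo[.]top"]:
        print(sample, "->", classify(sample))
```

Note that the payload host carries no brand string, so the heuristic alone would miss it; a threat-intel blocklist is what catches it.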

The campaign uses hundreds of fake Reddit sites to distribute the malware.

Investigations revealed that the threat actors use at least 500 fake Reddit sites to impersonate legitimate pages and infect deceived users with the Lumma Stealer malware. Moreover, the researchers uncovered a little over 400 bogus WeTransfer sites offering the payload for download.

However, the researchers stated that they could not obtain any details about how the infection begins. Still, the specific themes used by the attackers indicate that they are sophisticated.

Some researchers suspect the attack could start through various methods, such as malvertising, SEO poisoning, rogue websites, or direct messaging on social media. This campaign resembles one discovered last year in which hackers leveraged 1,300 websites to impersonate AnyDesk and distribute the Vidar Stealer malware.

The malware strain the hackers used in this campaign is Lumma Stealer, a powerful tool with sophisticated evasion and data theft capabilities. The malware is sold to hackers, who then distribute it through various channels, such as GitHub comments, deepfake sites, and malvertising.

This infostealer is dangerous to a wide range of users because it harvests passwords saved in web browsers as well as session tokens. Such tools are frequently used to steal login credentials from businesses, and the stolen data is typically sold on hacker forums.
