Cybercriminals are running a new, ongoing campaign that uses GitHub to distribute the Lumma Stealer malware.
Reports indicate that the malware spreads through fraudulent repositories offering seemingly legitimate products such as game hacks, cracked software, and free cryptocurrency tools. The sole purpose of these fake offerings is to trick unwary users into downloading and running malicious programs.
These repositories, sometimes dressed up with professional-looking elements such as distribution licences and screenshots, exploit GitHub's reputation and accessibility to deceive users.
Attackers deliberately target people seeking a competitive advantage in popular games like Minecraft, Roblox, and Call of Duty, as well as those wanting free access to premium products like Spotify and Adobe Express.
Lumma Stealer is the primary payload in this campaign.
According to the investigations, most repositories in this fraudulent scheme host Lumma Stealer.
The attackers use game hacks, cracked software, or free cryptocurrency tools as bait. Once users reach a repository, they are instructed to download and run a file disguised as the advertised program.
The downloaded file is typically a Lumma Stealer variant, which harvests sensitive information such as login credentials, cryptocurrency wallet data, browser history, cookies, and personally identifiable information (PII) and exfiltrates it to the attackers' command-and-control (C2) servers.
Every week the attackers publish a fresh set of repositories carrying a new build of the malware, while older ones are identified and taken down. Researchers noted that these repositories also include distribution agreements and software screenshots to appear more legitimate.
To reel users in further, the repositories often instruct them to turn off their antivirus software, claiming it will interfere with the downloaded package. This step is the key tactic: it removes the user's first line of defence and lets the malware run undetected while it steals sensitive data.
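The behaviour described in the two paragraphs above, a freshly downloaded program reading browser credential and cookie stores or wallet files and then calling out to a C2 server, often on a host where real-time antivirus protection was just switched off, is the kind of sequence a detection engineer can correlate from endpoint telemetry. The following is an added example written for this page; it is not code from the campaign, from GitHub, or from any vendor product. The event schema (`ts`, `kind`, `pid`, `image`, `path`, `dst`), the list of sensitive file names, the browser allowlist, the `av_rtp_disabled` event and the 600-second window are all assumptions for illustration, and the telemetry is constructed.

```python
"""Correlate read-of-sensitive-store followed by outbound connection, per process.

Added example for the article above; not the campaign's code or a vendor rule.
The event schema, file-name patterns and allowlist are assumptions.
"""
import re
from collections import defaultdict

# File names an infostealer typically reads (assumption: representative, not exhaustive).
SENSITIVE_FILE_PATTERNS = [
    re.compile(r"\\(Login Data|Cookies|History|Web Data)$", re.I),    # Chromium-family browsers
    re.compile(r"\\(logins\.json|cookies\.sqlite|key4\.db)$", re.I),  # Firefox
    re.compile(r"\\wallet\.dat$", re.I),                               # Bitcoin Core style wallet
]

# Processes expected to read their own stores; without this allowlist the
# browser itself trips the rule on every start (assumption: executable basenames).
OWN_STORE_READERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Seconds after a real-time-protection-off event during which a newly created
# process is treated as "launched with AV disabled" (assumption: tunable).
AV_OFF_WINDOW = 600


def is_sensitive(path: str) -> bool:
    return any(p.search(path) for p in SENSITIVE_FILE_PATTERNS)


def basename(image: str) -> str:
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(events):
    """Return one finding per process that reads a sensitive store and connects out afterwards.

    events: dicts with ts (int seconds), kind, pid and kind-specific fields:
    image (process_create), path (file_read), dst (network_connect).
    kind == "av_rtp_disabled" is a host-wide event and carries no useful pid.
    """
    procs = defaultdict(lambda: {"image": None, "start": None, "reads": [], "connects": []})
    av_off_times = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["kind"]
        if kind == "av_rtp_disabled":
            av_off_times.append(ev["ts"])
            continue
        p = procs[ev["pid"]]
        if kind == "process_create":
            p["image"], p["start"] = ev["image"], ev["ts"]
        elif kind == "file_read" and is_sensitive(ev["path"]):
            p["reads"].append((ev["ts"], ev["path"]))
        elif kind == "network_connect":
            p["connects"].append((ev["ts"], ev["dst"]))

    findings = []
    for pid, p in procs.items():
        if not p["reads"] or not p["connects"]:
            continue
        if p["image"] and basename(p["image"]) in OWN_STORE_READERS:
            continue  # the browser reading its own store is normal
        first_read = min(t for t, _ in p["reads"])
        later = [(t, d) for t, d in p["connects"] if t >= first_read]  # order matters: read, then exfil
        if not later:
            continue
        av_off = p["start"] is not None and any(
            0 <= p["start"] - t <= AV_OFF_WINDOW for t in av_off_times
        )
        findings.append({
            "pid": pid,
            "image": p["image"],
            "files": sorted({path for _, path in p["reads"]}),
            "destinations": sorted({d for _, d in later}),
            "severity": "high" if av_off else "medium",
        })
    return findings


# Constructed telemetry for one host; not real campaign data.
SAMPLE_EVENTS = [
    {"ts": 100, "kind": "av_rtp_disabled", "pid": 0},  # user turned real-time protection off
    {"ts": 130, "kind": "process_create", "pid": 4120,
     "image": r"C:\Users\alice\Downloads\MinecraftAimbot\launcher.exe"},
    {"ts": 131, "kind": "file_read", "pid": 4120,
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": 132, "kind": "file_read", "pid": 4120,
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"ts": 133, "kind": "file_read", "pid": 4120, "path": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"},
    {"ts": 135, "kind": "network_connect", "pid": 4120, "dst": "203.0.113.10:443"},
    # The browser reading its own store and then using the network is benign.
    {"ts": 140, "kind": "process_create", "pid": 5500,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"ts": 141, "kind": "file_read", "pid": 5500,
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": 142, "kind": "network_connect", "pid": 5500, "dst": "198.51.100.7:443"},
    # A process that never touches a sensitive file produces no finding.
    {"ts": 150, "kind": "process_create", "pid": 6000, "image": r"C:\Windows\System32\notepad.exe"},
    {"ts": 151, "kind": "file_read", "pid": 6000, "path": r"C:\Users\alice\notes.txt"},
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
```

On the constructed sample this yields a single high-severity finding for pid 4120 (the launcher from Downloads), because it read the Chrome login and cookie stores plus a wallet file and then connected out within the window after real-time protection was disabled; the browser's own access is suppressed by the allowlist. In production the file patterns and allowlist need tuning per environment, and the ordering check (read before connect) is what keeps ordinary software that connects first and reads later from matching.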
Young people, especially avid gamers, are the primary targets. Game hacks that advertise features such as aimbots and an "Anti-Ban" system to avoid account suspension are highly enticing, which makes players more susceptible to these deceptions.
Anyone in these target groups should be wary of downloading software from unverified sources, and should treat any download that asks them to disable antivirus protection first as a warning sign rather than a setup step.
