The annual League of Legends World Championship recently kicked off with its Play-in Stage. The start of the event has also spawned a new malware campaign that distributes the Lumma Stealer.
Based on reports, the new cybercriminal operation targets gamers across Europe and has already claimed over 4,000 victims. Researchers explained that the fraudsters capitalise on the hype surrounding this worldwide esports event.
The malware operators use a fake League of Legends downloader to deploy the Lumma Stealer.
The fraudulent campaign uses well-constructed social media advertisements that entice fans to download a seemingly legitimate League of Legends game.
Once a user clicks the download button, they end up installing the Lumma Stealer malware. This malware enables hackers to harvest personal information, including credit card numbers, passwords, cryptocurrency wallets, and browser session cookies.
In addition, the attackers are leveraging social media channels to target League of Legends fans with adverts promising a free game download. Those who fall for the ad are redirected to a page that resembles an older version of the League of Legends download page and uses typosquatting to make the fake harder to identify.
After a visitor clicks the download link, the page takes them to a Bitbucket repository that contains a malware archive. The downloaded bundle includes an executable and a genuine Windows file, user32.dll, that acts as a dropper for Lumma Stealer.
Lumma Stealer is a notorious data-stealing malware that can harvest sensitive information from affected devices. Hence, operators of such malware can steal social media accounts and sell stolen data on black markets.
These events could also result in other malicious activities, such as identity theft and phishing attacks. Furthermore, Lumma injects itself into a legitimate Windows process, bitlockertogo.exe, to avoid detection by AV software.
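The two behaviours described above (a `user32.dll` shipped next to the downloaded executable, and `bitlockertogo.exe` used as the injection target) can be turned into simple triage rules. The following is an added example, not code from the researchers or from the original report. The event dictionaries, field names, sample paths and the list of trusted directories are constructed assumptions standing in for endpoint telemetry, and the second rule assumes the injection target is started by the dropper.

```python
from pathlib import PureWindowsPath

# Assumption: default Windows install on C:; tune for the environment.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_DLLS = {"user32.dll"}            # DLL name the article says ships in the bundle
WATCHED_TARGETS = {"bitlockertogo.exe"}  # process the article says Lumma injects into


def _dir(path):
    """Lower-cased parent directory of a Windows path."""
    return str(PureWindowsPath(path).parent).lower()


def _name(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def triage(events):
    """Return (rule, event) pairs for events matching the described behaviour."""
    hits = []
    for ev in events:
        if ev["type"] == "image_load":
            # A system DLL name loaded from outside the system directories.
            if _name(ev["image"]) in WATCHED_DLLS and _dir(ev["image"]) not in SYSTEM_DIRS:
                hits.append(("system-dll-outside-system-dir", ev))
        elif ev["type"] == "process_create":
            # The injection target started by a parent outside the system directories.
            if _name(ev["image"]) in WATCHED_TARGETS and _dir(ev["parent"]) not in SYSTEM_DIRS:
                hits.append(("injection-target-unusual-parent", ev))
    return hits


# Constructed sample events (hypothetical user, paths and executable name).
SAMPLE_EVENTS = [
    {"type": "image_load", "process": r"C:\Users\alice\Downloads\bundle\setup.exe",
     "image": r"C:\Users\alice\Downloads\bundle\user32.dll"},
    {"type": "image_load", "process": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\user32.dll"},
    {"type": "process_create", "parent": r"C:\Users\alice\Downloads\bundle\setup.exe",
     "image": r"C:\Windows\System32\BitLockerToGo.exe"},
    {"type": "process_create", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\BitLockerToGo.exe"},
]

if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_EVENTS):
        print(rule, ev)
```

Both rules are triage signals rather than verdicts: a hit says the event matches the pattern described in the article and deserves a closer look.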
The League of Legends World Championship will remain popular for at least two months as some of the most popular teams, like T1, have yet to play. As of now, the tournament is on its Swiss stage and will continue to rack up more viewers and enthusiasts, not just in Europe but worldwide.
Gamers should be wary and double-check the adverts for the game, as threat actors have started to exploit the hype that Worlds brings.