The Lumma Stealer malware is being distributed through deceptive human verification pages that trick users into running malicious PowerShell commands. This phishing campaign primarily targets Windows users and can lead to the theft of sensitive information
Category: Adversary Intelligence
Industry: Multiple
Motivation: Cyber Crime/Financial
Region: Global
TLP: GREEN
A new and sophisticated method of distributing Lumma Stealer malware has been uncovered, targeting Windows users through deceptive human verification pages. This technique, initially discovered by Unit42 at Palo Alto Networks, has prompted further investigation into similar malicious sites.
After our investigation, we identified additional active malicious sites spreading Lumma Stealer. It is important to note that while this technique is currently being used to distribute Lumma Stealer, the same lure could be used to deliver any other malware family to unsuspecting users.
Threat actors create phishing sites hosted on various providers, often utilizing Content Delivery Networks (CDNs). These sites present users with a fake Google CAPTCHA page.
Our research team identified multiple domains hosting these malicious verification pages. The infection chain typically follows this pattern:
Type | Name | Value
File | dengo.zip | 7c348f51d383d6587e2beac5ff79bef2e66c31d7
IP | Downloader Server IP | 165.227.121.41
PE Exec File | tr7 | e002696bb7d57315b352844cebc031e18e89f29e
PE Exec File | 2ndhsoru | 766c266506918b467bf35db701c9b0954a616b58
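The table above is the practical output of this report, so here is an added example (not CloudSEK's code) of how a defender would consume it: a small Python script that parses the pipe-delimited IoC table exactly as published, then sweeps proxy and endpoint log lines for the listed IP address and file hashes. The log lines are constructed for the example; the page does not state the hash algorithm, and the script only assumes the 40-character hex digests are SHA-1-sized, which is consistent with the values shown.

```python
import re
from dataclasses import dataclass

# IoC table copied from the report (Type | Name | Value).
IOC_TABLE = """\
Type | Name | Value
File | dengo.zip | 7c348f51d383d6587e2beac5ff79bef2e66c31d7
IP | Downloader Server IP | 165.227.121.41
PE Exec File | tr7 | e002696bb7d57315b352844cebc031e18e89f29e
PE Exec File | 2ndhsoru | 766c266506918b467bf35db701c9b0954a616b58
"""

# Constructed sample log lines for the example; not from the report.
SAMPLE_LOGS = [
    "2024-09-20T10:01:02Z proxy CONNECT 142.250.74.46:443 user=alice",
    "2024-09-20T10:01:09Z proxy GET /dengo.zip host=165.227.121.41 user=alice",
    "2024-09-20T10:01:11Z edr file_created path=C:\\Temp\\dengo.zip "
    "sha1=7C348F51D383D6587E2BEAC5FF79BEF2E66C31D7",
    "2024-09-20T10:01:15Z edr file_created path=C:\\Temp\\notes.txt "
    "sha1=0000000000000000000000000000000000000000",
]


@dataclass(frozen=True)
class Ioc:
    kind: str   # "File", "IP", "PE Exec File"
    name: str   # label from the table
    value: str  # hash or IP, normalised to lowercase


def parse_ioc_table(text):
    """Parse the pipe-delimited table into Ioc records, skipping the header."""
    iocs = []
    for line in text.splitlines()[1:]:
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3 or not parts[2]:
            continue  # ignore blank or malformed rows
        iocs.append(Ioc(parts[0], parts[1], parts[2].lower()))
    return iocs


# Candidate tokens worth comparing: 40-hex digests (SHA-1 sized) and IPv4 literals.
HEX40 = re.compile(r"\b[0-9a-f]{40}\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_logs(lines, iocs):
    """Return (line_number, Ioc) for every log line containing a listed value."""
    by_value = {ioc.value: ioc for ioc in iocs}
    hits = []
    for number, line in enumerate(lines, 1):
        for token in HEX40.findall(line) + IPV4.findall(line):
            ioc = by_value.get(token.lower())
            if ioc is not None:
                hits.append((number, ioc))
    return hits


if __name__ == "__main__":
    for number, ioc in scan_logs(SAMPLE_LOGS, parse_ioc_table(IOC_TABLE)):
        print(f"line {number}: {ioc.kind} '{ioc.name}' -> {ioc.value}")
```

Hash comparison is case-insensitive because EDR products emit digests in either case, and matching is done on extracted tokens rather than substrings so a hash or IP embedded in a longer field is still caught. For a real deployment the table text would be replaced by a feed export and the sample list by the log source being swept.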