Massive Scam Alert: 1,000 Fake Reddit Pages Spread Dangerous Lumma Malware

Massive Phishing Campaign Targets Users Through Fake Reddit and WeTransfer Pages

A sophisticated phishing operation has been uncovered, involving nearly 1,000 fraudulent web pages that impersonate Reddit and WeTransfer to distribute the Lumma Stealer malware. The campaign consists of 529 fake Reddit pages and 407 counterfeit WeTransfer portals.

The attack chain begins with fake Reddit discussion threads where users appear to share download links through WeTransfer. Victims clicking these links are directed to convincing WeTransfer clone sites, which ultimately deliver the Lumma Stealer malware through a domain called “weighcobbweo[.]top.”

The fraudulent websites use hostnames that combine the brand name with random characters under either “.org” or “.net” top-level domains to appear legitimate. Security researcher crep1x, who discovered the campaign, suggests that initial infection vectors may include malvertising, SEO poisoning, and social media messages.
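For defenders, the naming pattern and the payload domain described above can be turned into a triage filter over web proxy or DNS logs. The following is an added example, not code from the researcher or the original article; the allowlist, the last-two-labels rule, the log format and the sample hostnames are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BRANDS = ("reddit", "wetransfer")         # brands impersonated, per the article
LURE_TLDS = ("org", "net")                # TLDs the article says the lures use
PAYLOAD_DOMAINS = {"weighcobbweo[.]top".replace("[.]", ".")}  # from the article
ALLOW = {"reddit.com", "wetransfer.com"}  # assumption: official registrable domains

def registrable(host):
    # Naive last-two-labels rule: fine for .com/.org/.net/.top, wrong for co.uk etc.
    return ".".join(host.split(".")[-2:])

def classify(host):
    """Return 'payload-domain', 'brand-lookalike' or None for a hostname."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg in PAYLOAD_DOMAINS:
        return "payload-domain"
    if reg in ALLOW:
        return None
    tld = host.rsplit(".", 1)[-1]
    if tld not in LURE_TLDS:
        return None
    left = host[: -(len(tld) + 1)]
    # Brand name present together with extra characters, in any label.
    if any(b in left and len(left) > len(b) for b in BRANDS):
        return "brand-lookalike"
    return None

def scan(lines):
    """Extract URLs from log lines and return (host, verdict) for each hit."""
    hits = []
    for line in lines:
        for url in re.findall(r"https?://\S+", line):
            host = urlsplit(url).hostname or ""
            verdict = classify(host)
            if verdict:
                hits.append((host, verdict))
    return hits

PAYLOAD = next(iter(PAYLOAD_DOMAINS))
SAMPLE_LOG = [  # constructed proxy log lines; lookalike hostnames are made up
    "2025-01-20T10:00:01Z 10.0.0.5 GET https://www.reddit.com/r/sysadmin/",
    "2025-01-20T10:00:07Z 10.0.0.5 GET https://reddit-zz9x1.org/r/thread/",
    "2025-01-20T10:00:09Z 10.0.0.5 GET https://wetransfer-q7k2.net/downloads/",
    f"2025-01-20T10:00:12Z 10.0.0.5 GET https://{PAYLOAD}/file",
    "2025-01-20T10:00:15Z 10.0.0.9 GET https://wetransfer.com/",
]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:16} {host}")
```

A substring match like this will also flag unrelated names that happen to contain a brand string, so hits are leads for review rather than verdicts.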

Lumma Stealer, the payload in this campaign, is a sophisticated information-stealing malware capable of:
– Harvesting passwords from web browsers
– Stealing session tokens for account hijacking
– Extracting sensitive corporate login credentials

Recent victims of similar infostealer attacks include major companies like PowerSchool, Hot Topic, CircleCI, and Snowflake. This campaign follows a similar pattern to a previous operation that used fake AnyDesk websites to distribute the Vidar Stealer malware.

The stolen data is typically sold on hacker forums, posing a significant threat to both individual and corporate security.
