Hackers Using Fake Captchas to Spread Lumma Stealer Malware

The post Hackers Using Fake Captchas to Spread Lumma Stealer Malware appeared on BitcoinEthereumNews.com.
In brief
Hackers are using fake Captchas to distribute Lumma Stealer malware, new research has found.
Once installed by an unsuspecting user, the malware searches infected devices for credentials, including crypto wallet data.
Lumma Stealer is an example of Malware-as-a-Service, which is effectively run as a “sustainable cybercriminal business,” experts told Decrypt.

Bad actors are using fake Captcha prompts to distribute fileless Lumma Stealer malware, according to research from cybersecurity firm DNSFilter. First detected on a Greek banking website, the prompt asks Windows users to copy and paste it into the Run dialog box and then press Enter.

DNSFilter reports that the firm’s clients interacted with the fake Captcha 23 times over the course of three days, and that 17% of the people who encountered the prompt completed its on-screen steps, resulting in the attempted delivery of malware.

⚠️ Plot twist: That “I’m not a robot” click might be the most dangerous thing you do today. DNSFilter’s security team just caught bad actors using fake CAPTCHAs to drop fileless malware like Lumma Stealer. One click, and they’re in.