5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs

Summary: A widespread phishing campaign has been uncovered that uses fake CAPTCHA images in PDF documents hosted on Webflow’s CDN to distribute Lumma Stealer malware. The campaign has affected over 1,150 organizations and more than 7,000 users, predominantly in North America, Asia, and Southern Europe. The attackers use SEO tactics to lure victims and have also been observed uploading malicious PDFs to legitimate online libraries, further amplifying the threat.

Affected: More than 1,150 organizations primarily in technology, financial services, and manufacturing sectors.

Key points:

  • 260 unique domains hosting 5,000 phishing PDFs redirect victims to malicious sites.
  • The PDFs serve fake CAPTCHA images to trick users into executing malware via PowerShell commands.
  • Recent findings reveal Lumma Stealer being disguised as Roblox games and software downloads.
  • The malware operates on a malware-as-a-service model and features a SOCKS5 backconnect for attackers.
  • Phishing strategies include personalized attacks using JavaScript obfuscation techniques.

Source: https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html
