Summary: A new malware campaign uses fake CAPTCHA verification to deliver the Lumma information stealer to victims worldwide, targeting various industries including healthcare and banking. The attack begins when victims are tricked into executing commands that download and run malicious files, which evades browser defenses. Lumma Stealer operates as malware-as-a-service, and its diverse delivery methods and social engineering tactics complicate detection efforts.
Threat Actor: Unknown | Lumma Stealer
Victim: Various | global victims of Lumma Stealer
Key points:
- The malware campaign uses fake CAPTCHA verification to deliver the Lumma information stealer.
- Victims are instructed to execute commands that download malicious HTA files.
- Attackers employ social engineering tactics, including impersonating legitimate services to harvest credentials.
Source: https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html