A new phishing campaign mainly targeting Windows users leverages phony CAPTCHA verification pages to deploy the Lumma Stealer malware, Hackread reports.
The attacks used sites hosted on Amazon S3 buckets and content delivery networks to spoof Google CAPTCHA pages and other verification sites. These pages include instructions that trigger a malicious PowerShell command, which downloads Lumma Stealer and then exfiltrates sensitive device data, including financial details and login credentials, according to a CloudSEK report. The development comes just weeks after the information-stealing malware was reported to have been disguised as an OnlyFans hacking tool, which ended up compromising threat actors' information. Threat actors also leveraged hacked YouTube channels to distribute Lumma in the guise of pirated software, after an updated version of the infostealer was reported to have gained the ability to detect human users through trigonometric techniques.