Malware, Phishing

Phony CAPTCHAs exploited in Lumma, Amadey trojan campaign


Threat actors have used fraudulent CAPTCHAs to deploy the Lumma information-stealing malware and the Amadey botnet in a new attack campaign that began in mid-September and primarily targeted Brazil, Spain, Italy, and Russia, according to The Record, a news site by cybersecurity firm Recorded Future.

Malicious sites redirect visitors to a CAPTCHA, where clicking the "I'm not a robot" button is followed by the copying and execution of malicious code that leads to the distribution of the Lumma infostealer. Lumma not only compromises cryptocurrency wallets and browser-stored data but also generates revenue by increasing traffic to online stores, a report from Kaspersky showed. Other attacks in the campaign delivered the Amadey botnet, which enables browser credential and cryptocurrency wallet compromise, as well as screenshot capturing and Remcos RAT deployment for total device takeovers, said researchers.
