{"id":5877,"date":"2024-10-22T11:10:28","date_gmt":"2024-10-22T16:10:28","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/trick-captcha-lumma-stealer-malware"},"modified":"2024-10-22T11:10:28","modified_gmt":"2024-10-22T16:10:28","slug":"tricky-captcha-caught-dropping-lumma-stealer-malware","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/22\/tricky-captcha-caught-dropping-lumma-stealer-malware\/","title":{"rendered":"Tricky CAPTCHA Caught Dropping Lumma Stealer Malware"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Lumma Stealer stars in a new campaign that uses malicious CAPTCHA pages to scam targets into clicking through the “verification” process \u2014 triggering the initial malware download.<\/span><\/p>\n

Malware-as-a-service (MaaS) <\/span>Lumma Stealer<\/a><\/span> is commonly used by threat actors to steal sensitive information like passwords and crypto-wallet data, researchers at Qualys, who recently detailed the latest attack chain, explained.<\/span><\/p>\n

“When the user clicks the ‘I’m not a robot’ button, verification steps are presented,” Qualys threat researcher Vishwajeet Kumar wrote in a blog post detailing the latest Lumma Stealer find. “Completing these steps triggers the execution of a PowerShell command that initiates the download of an initial stager (malware downloader) on the target machine.”<\/span><\/p>\n

Lumma Stealer’s Easy Adaptability<\/h2>\n

This latest CAPTCHA-based tactic is new, Kumar added in the <\/span>Lumma Stealer campaign analysis<\/a><\/span>. Previous campaigns have relied on a wide array of cybercrimes to spread the infostealer, ranging from basic phishing to far more exotic gambits.<\/span><\/p>\n

Just a handful of examples from just this year include a <\/span>Lumma Stealer campaign<\/a><\/span> from January 2024 that used YouTube channels disguised as content to offer workarounds for eluding Web filters and cracking popular applications.<\/span><\/p>\n

By the summer, another <\/span>Lumma Stealer<\/a><\/span> effort popped up on Facebook, this time trying to lure victims into downloading a legitimate artificial intelligence (AI) photo editor. Even Hamster Kombat wasn’t spared. The more than 250 million estimated players of the game were targeted and <\/span>lured into downloading Lumma Stealer<\/a><\/span> by multiple simultaneous scams, it was discovered last July.<\/span><\/p>\n

“The investigation into Lumma Stealer reveals an evolving threat landscape characterized by the malware\u2019s ability to adapt and evade detection,” Kumar wrote. “It employs a variety of tactics, from leveraging legitimate software to utilizing deceptive delivery methods, making it a persistent challenge for security teams.”<\/span><\/p>\n

Protecting from ongoing Lumma Stealer threats requires close collaboration between threat intelligence, security operations centers (SOCs), and incident-response teams, according to Sarah Jones, a cyber-threat intelligence research analyst at Critical Start.<\/span><\/p>\n

“Given the rapid evolution of threats like Lumma Stealer, security teams must adopt a stance of continuous monitoring and adaptation, regularly updating detection rules, indicators of compromise, and security controls,” Jones says. “This campaign exemplifies the sophisticated threats organizations face today, requiring a multilayered defense approach that combines advanced technical controls with proactive threat hunting and ongoing adaptation to effectively combat evolving malware campaigns.”<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Lumma Stealer stars in a new campaign that uses malicious<\/p>\n","protected":false},"author":12,"featured_media":5878,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5877","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=2172%2C1260&ssl=1",2172,1260,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=300%2C174&ssl=1",300,174,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=640%2C372&ssl=1",640,372,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=640%2C371&ssl=1",640,371,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=1536%2C891&ssl=1",1536,891,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=2048%2C1188&ssl=1",2048,1188,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=1024%2C594&ssl=1",1024,594,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tricky-captcha-caught-dropping-lumma-stealer-malware.jpg?fit=2172%2C1260&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5877"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5877\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5878"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}